New Security Filters (was: re: [MapServer-Users] User control)
Jan Hartmann
jhart at frw.uva.nl
Thu Apr 10 09:29:31 PDT 2003
One solution would be to create multiple virtual hosts under the same
WebServer. Each can have its own HTML pages and mapfiles (with their own
access rights), but the MapServer executables and source files can be
shared. The new security filters in MapServer make this possible. It
works like this:
For each virtual host you define an environment variable called
MS_MAPFILE_PATTERN. With Apache this is done with the SetEnv directive
in httpd.conf. This variable should contain a regular expression, and
only mapfiles with names agreeing with that expression can be accessed
by MapServer via that particular virtual host.
Additionally you can use DATAPATTERN and TEMPLATEPATTERN in the mapfile,
to restrict scripted access to datafiles and templates. By default, no
access is allowed, so these don't have to be set if datafiles and
templates are hardcoded in the mapfile. However, access to mapfiles is
*NOT* restricted, unless you set MS_MAPFILE_PATTERN, so don't forget to
set it in a security-aware environment.
This way you can restrict access to layers. I'm not sure if it is
possible to restrict access to parts of a layer's extent.
This is all very new and experimental, so if you succeed in setting up
something like this, please share your experiences.
There is some documentation on this in the Wiki:
http://mapserver.gis.umn.edu/cgi-bin/wiki.pl?MigrationGuide
Jan
Petur Kirke wrote:
> We are building a WMS Service, and we want to control the access, that the
> users will get. Some users should only see some layers, and a part of the
> map area.
>
> I am wondering how others are implementing access control of this kind ? I
> would be greatful for some information.
>
> _______________________________________________
> Mapserver-users mailing list
> Mapserver-users at lists.gis.umn.edu
> http://lists.gis.umn.edu/mailman/listinfo/mapserver-users
>
Jan Hartmann
Department of Geography
University of Amsterdam
jhart at frw.uva.nl
More information about the MapServer-users
mailing list