[mapserver-users] Mapserver Security
Bill Thoen
bthoen at gisnet.com
Wed Jul 29 08:13:28 PDT 2009
Steve Lime wrote:
> Others may have different ideas but it seems to me you'll need to secure the wms binary
> rather than a directory. (I wouldn't store mapfiles and templates in a web accessible location
> anyway.) There are probably many ways to do this. One idea might be to have separate
> WMS binaries, one for password-protected stuff and another for public stuff, call 'em
> wms1 and wms2. Latest versions of MapServer allow you to set an env variable called
> MS_MAPFILE_PATTERN. This is used as a regex test against the requested mapfile and can
> help restrict what can be loaded. It's not foolproof but is a good start. You could ....
>
I thought I knew how regex worked but I guess not. Attempting to follow
your advice, I'm trying to run this file from a wrapper:
/var/www/mapfiles/MyMapfile.map
and in /etc/httpd/conf/httpd.conf, I've set the following line:
SetEnv MS_MAPFILE_PATTERN='^/var/www/mapfiles/.*$'
and restarted the httpd service.
But what's wrong with my regex? I'm getting this error:
msEvalRegex(): Regular expression error. String
(/var/www/mapfiles/MyMapfile.map) failed expression test.
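
Added example, not part of the original message and not MapServer code: a small C harness for trying a candidate MS_MAPFILE_PATTERN value against mapfile paths outside Apache, so the regex can be checked separately from how the web server passes it. It assumes POSIX extended regex matching via regcomp()/regexec(); mapfile_allowed(), the quoted and strict patterns, and the second path are constructed for illustration, and the quoted case is not a diagnosis of the error above.

```c
#include <regex.h>
#include <stdio.h>

/* Hypothetical helper (not MapServer's msEvalRegex()).
 * Returns 1 if path matches the POSIX extended regex, 0 if it does not,
 * and -1 if the pattern fails to compile. */
int mapfile_allowed(const char *pattern, const char *path)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, path, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    const char *patterns[] = {
        /* Pattern from the post, as the regex engine should see it. */
        "^/var/www/mapfiles/.*$",
        /* Constructed: same pattern with quote characters left in the value.
         * In an extended regex '^' is always an anchor, so this never matches. */
        "'^/var/www/mapfiles/.*$'",
        /* Constructed stricter allow-list: one file name directly in the
         * directory, no '/' or '.' before the .map extension. */
        "^/var/www/mapfiles/[A-Za-z0-9_-]+\\.map$",
    };
    const char *paths[] = {
        /* Path from the post. */
        "/var/www/mapfiles/MyMapfile.map",
        /* Constructed: starts with the allowed prefix but climbs out of it. */
        "/var/www/mapfiles/../private/Secret.map",
    };
    size_t i, j;

    for (i = 0; i < sizeof patterns / sizeof patterns[0]; i++)
        for (j = 0; j < sizeof paths / sizeof paths[0]; j++)
            printf("%-44s %-42s -> %d\n", patterns[i], paths[j],
                   mapfile_allowed(patterns[i], paths[j]));
    return 0;
}
```

The prefix-plus-`.*` pattern accepts the `..` path as well as the intended one, which is why a pattern that spells out the allowed file name characters is the safer allow-list.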