[mapserver-users] Mapserver Security

Adrian Popa adrian_gh.popa at romtelecom.ro
Wed Jul 29 22:42:04 PDT 2009


Hello Bill.

Try escaping the forward slashes... Although they are not a special 
character, usually regexes are called between forward slashes /REGEX/, 
so it could mess things up.

Try:
SetEnv MS_MAPFILE_PATTERN='^\/var\/www\/mapfiles\/.*$'

Also, $ after .* is irrelevant... :)

Good luck,
Adrian

Bill Thoen wrote:
> Steve Lime wrote:
>> Others may have different ideas but it seems to me you'll need to 
>> secure the wms binary rather than a directory. (I wouldn't store 
>> mapfiles and templates in a web accessible location
>> anyway.) There are probably many ways to do this. One idea might be 
>> to have separate
>> WMS binaries, one for password-protected stuff and another for public 
>> stuff, call 'em wms1 and wms2. Latest versions of MapServer allow you 
>> to set an env variable called
>> MS_MAPFILE_PATTERN. This is used as a regex test against the 
>> requested mapfile and can
>> help restrict what can be loaded. It's not fool proof but is a good 
>> start. You could ....
>>   
>
> I thought I knew how regex worked but I guess not. Attempting to 
> follow your advice, I'm trying to run this file from a wrapper: 
> /var/www/mapfiles/MyMapfile.map
>
> and in /etc/httpd/conf/httpd.conf, I've set the following line:
> SetEnv MS_MAPFILE_PATTERN='^/var/www/mapfiles/.*$'
> and restarted the httpd service.
>
> But what's wrong with my regex? I'm getting this error:
> msEvalRegex(): Regular expression error. String 
> (/var/www/mapfiles/MyMapfile.map) failed expression test.
>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>




More information about the MapServer-users mailing list