[mapserver-users] Mapserver Security
Adrian Popa
adrian_gh.popa at romtelecom.ro
Wed Jul 29 22:42:04 PDT 2009
Hello Bill.
Try escaping the forward slashes... Although they are not a special
character, usually regexes are called between forward slashes /REGEX/,
so it could mess things up.
Try:
SetEnv MS_MAPFILE_PATTERN='^\/var\/www\/mapfiles\/.*$'
Also, $ after .* is irrelevant... :)
Good luck,
Adrian
Bill Thoen wrote:
> Steve Lime wrote:
>> Others may have different ideas but it seems to me you'll need to
>> secure the wms binary rather than a directory. (I wouldn't store
>> mapfiles and templates in a web accessible location
>> anyway.) There are probably many ways to do this. One idea might be
>> to have separate
>> WMS binaries, one for password-protected stuff and another for public
>> stuff, call 'em wms1 and wms2. Latest versions of MapServer allow you
>> to set an env variable called
>> MS_MAPFILE_PATTERN. This is used as a regex test against the
>> requested mapfile and can
>> help restrict what can be loaded. It's not fool proof but is a good
>> start. You could ....
>>
>
> I thought I knew how regex worked but I guess not. Attempting to
> follow your advice, I'm trying to run this file from a wrapper:
> /var/www/mapfiles/MyMapfile.map
>
> and in /etc/httpd/conf/httpd.conf, I've set the following line:
> SetEnv MS_MAPFILE_PATTERN='^/var/www/mapfiles/.*$'
> and restarted the httpd service.
>
> But what's wrong with my regex? I'm getting this error:
> msEvalRegex(): Regular expression error. String
> (/var/www/mapfiles/MyMapfile.map) failed expression test.
>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>
More information about the MapServer-users
mailing list