[mapserver-users] Control access to WMS

[Martin Kofahl]

WSS/WAS requires authentication. I wonder if and which http_referer 
header is usually sent to the server when using openlayers. You could 
check if this header either contains the url where your site runs or if 
it is empty/not set for clients not sending this header. This can be 
realized in the apache configuration or a wrapper. Not 100% secure but 
helps to avoid the use of your WMS on other public sites.

Martin

Milo van der Linden wrote:
> You might consider implementing an specific wms access control proxy.
> 52North offers this on their open source stack:
>
> http://52north.org/maven/project-sites/security/
>
>
>
> Steve.Toutant at inspq.qc.ca schreef:
>   
>> Hi,
>> I defined a WMS Raster layer that I use in my OpenLayers/GeoExt apps,
>> I would like to control the access to this WMS, so people can use it
>> via my application, but can not "call" the WMS to use it in their
>> client application. The reason is there is a "context" that comes with
>> this WMS. Without it the data can be misinterpreted.
>>
>> I already posted this thread on OpenLayers list. It seems that the
>> solution could be on the server side with Apache. Someone suggested to
>> limit the access with a user and password or other functionality with
>> Apache.
>>
>> My application will be public so there is no user and password but I
>> still need to control the access to this particular WMS layer.
>> Is there something I can control using MapServer?
>>
>> thanks for your help!
>> Steve
>>
>>  
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> mapserver-users mailing list
>> mapserver-users at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>>   
>>     
>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>