[mapserver-users] CGI wrapper scripts
Paul Spencer
pspencer at dmsolutions.ca
Wed Nov 17 12:15:57 PST 2010
David, if you are using Apache then you might be able to use mod_rewrite to do a similar thing. For instance, I put the following into a .htaccess file in my cgi-bin directory to obscure map paths in Fusion - basically you use map=<name>&session=<sessionid> and it will internally redirect to map=/tmp/sess_<sessionid>/<name>.map. There are two rules in case the order of map and session changes.

RewriteEngine on
RewriteCond %{QUERY_STRING} !redirected
RewriteCond %{QUERY_STRING} session=([a-z0-9]+)&.*map=([a-z0-9-_]+)&
RewriteRule ^.*$ %{REQUEST_URI}?redirected=true&map=/tmp/sess_%1/%2.map&%{QUERY_STRING} [L]
RewriteCond %{QUERY_STRING} !redirected
RewriteCond %{QUERY_STRING} map=([a-z0-9-_]+)&.*session=([a-z0-9]+)&
RewriteRule ^.*$ %{REQUEST_URI}?redirected=true&map=/tmp/sess_%2/%1.map&%{QUERY_STRING} [L]

You could do something similar for just obscuring the map= part:

RewriteEngine on
# if not redirected and contains map= then fire a 403 error
RewriteCond %{QUERY_STRING} !redirected
RewriteCond %{QUERY_STRING} map=
RewriteRule mapserv %{REQUEST_URI} [F]
# if not redirected and no map= redirect to mapserv with map=
RewriteCond %{QUERY_STRING} !redirected
RewriteCond %{QUERY_STRING} !map=
RewriteRule gmap /cgi-bin/mapserv.exe?redirected=true&map=/ms4w/apps/gmap/htdocs/gmap75.map&%{QUERY_STRING}

Then any requests with map= in them will be forbidden unless they also contain 'redirected':

http://server/cgi-bin/mapserv?map= <- will be forbidden

and requests for gmap will be redirected to mapserv.exe with map=/ in them:

http://server/cgi-bin/gmap? <- redirected

In a production environment you would change 'redirected' to some random, unguessable string in the 3 places it occurs.

Cheers

Paul

On 2010-11-17, at 12:20 PM, David Hildebrand wrote:
> The MapServer documentation has an example of CGI wrapper scripts for a
> UNIX environment. Would there be an equivalent Windows form I could
> use? I was thinking of using PERL.
>
>
> ===========================
> David V. Hildebrand
> Agriculture Financial Services Corporation
__________________________________________
Paul Spencer
Chief Technology Officer
DM Solutions Group Inc
http://research.dmsolutions.ca/
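
Added example, not part of the original message: a Python model of the first pair of rules above, for checking which query strings they rewrite and which they leave alone. It assumes RewriteCond does an unanchored, case-sensitive regex search on QUERY_STRING; the function name, the marker parameter and the sample query strings are constructed for illustration.

```python
import re

# Patterns copied from the two RewriteCond lines in the message above.
SESSION_FIRST = re.compile(r"session=([a-z0-9]+)&.*map=([a-z0-9-_]+)&")
MAP_FIRST = re.compile(r"map=([a-z0-9-_]+)&.*session=([a-z0-9]+)&")


def rewrite(query, marker="redirected"):
    """Return the query string after the rules run, or None if neither fires.

    Assumption: each RewriteCond is an unanchored, case-sensitive regex
    search on QUERY_STRING, and the conditions of a rule are ANDed.
    """
    # RewriteCond %{QUERY_STRING} !redirected -> skip already-marked requests.
    if marker in query:
        return None
    m = SESSION_FIRST.search(query)
    if m:
        session, name = m.group(1), m.group(2)
    else:
        m = MAP_FIRST.search(query)
        if m is None:
            return None  # no rule matched; the request is left unchanged
        name, session = m.group(1), m.group(2)
    # RewriteRule substitution: marker, rebuilt map path, then %{QUERY_STRING}.
    return f"{marker}=true&map=/tmp/sess_{session}/{name}.map&{query}"


# Constructed sample query strings (hypothetical, not from the message).
SAMPLES = [
    "session=abc123&map=gmap&mode=map",      # session first: rule 1
    "map=gmap&session=abc123&mode=map",      # map first: rule 2
    "session=abc123&map=gmap",               # no '&' after the map name
    "session=abc123&map=../x&mode=map",      # '.' and '/' are outside the class
    "session=ABC123&map=gmap&mode=map",      # upper case is outside [a-z0-9]
    "redirected=true&session=abc123&map=gmap&mode=map",  # carries the marker
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r} -> {rewrite(q)!r}")
    # Same last sample with a constructed random marker: it is rewritten.
    print(rewrite(SAMPLES[-1], marker="zq7constructed"))
```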