[mapserver-users] ows_denied_ip_list is working ?
Lime, Steve D (MNIT)
steve.lime at state.mn.us
Mon Aug 12 08:23:56 PDT 2019
Forgot the link: https://mapserver.org/development/rfc/ms-rfc-90.html.
From: Lime, Steve D (MNIT)
Sent: Monday, August 12, 2019 10:23 AM
To: Andrea Peri <aperi2007 at gmail.com>
Cc: mapserver-users at lists.osgeo.org
Subject: RE: [mapserver-users] ows_denied_ip_list is working ?
The original RFC that proposed the feature addition does reference using CIDR notation for ips. I’ve not tested that specifically though…
From: Andrea Peri [mailto:aperi2007 at gmail.com]
Sent: Monday, August 12, 2019 5:56 AM
To: Lime, Steve D (MNIT) <steve.lime at state.mn.us<mailto:steve.lime at state.mn.us>>
Cc: mapserver-users at lists.osgeo.org<mailto:mapserver-users at lists.osgeo.org>
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?
This message may be from an external email source.
Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center.
Hi Steve,
thx for your test.
I do more test to try to understand better what I'm wrong.
Just to do a better with an more large IP range.
Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ?
A.
Thx,
Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) <steve.lime at state.mn.us<mailto:steve.lime at state.mn.us>> ha scritto:
Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was:
1. Make a WMS request and check the logs to confirm the IP I was showing up as.
2. Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section.
3. Perform the same WMS request in the browser – result was a WMS exception.
4. Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place.
5. Perform the same WMS request in the browser – result was a PNG image.
I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request.
Makes me wonder if you have the right IP for your test setup?
--Steve
From: Andrea Peri [mailto:aperi2007 at gmail.com<mailto:aperi2007 at gmail.com>]
Sent: Tuesday, July 30, 2019 2:30 PM
To: Lime, Steve D (MNIT) <steve.lime at state.mn.us<mailto:steve.lime at state.mn.us>>; mapserver-users at lists.osgeo.org<mailto:mapserver-users at lists.osgeo.org>
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?
Hi,
I was using a compiled version from a recent clone of master .
I try to apply ot to WEB-> METADATA section section using this kind of values:
I try to use a list of IP directly listed using a space as separator
"ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz"
or using a file where there is the same list one IP for line
"ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt"
The values listed are the possibly values of our proxy.
So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them.
Instead the map are still showed.
I'm using QGIS as wms client to test it.
A.
Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) <steve.lime at state.mn.us<mailto:steve.lime at state.mn.us>> ha scritto:
I will test and reply back. What specific version, config and tests did you try on your end?
________________________________
From: mapserver-users <mapserver-users-bounces at lists.osgeo.org<mailto:mapserver-users-bounces at lists.osgeo.org>> on behalf of Andrea Peri <aperi2007 at gmail.com<mailto:aperi2007 at gmail.com>>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: mapserver-users at lists.osgeo.org<mailto:mapserver-users at lists.osgeo.org> <mapserver-users at lists.osgeo.org<mailto:mapserver-users at lists.osgeo.org>>
Subject: [mapserver-users] ows_denied_ip_list is working ?
Hi,
I see my version of mapserver don't work the ows_denied_ip_list.
I see ths other mex:
http://osgeo-org.1560.x6.nabble.com/ows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fosgeo-org.1560.x6.nabble.com%2Fows-allowed-ip-list-ows-denied-ip-list-not-working-td5202667.html&data=02%7C01%7Csteve.lime%40state.mn.us%7C564cd4ee969a496b496208d71f13b9d6%7Ceb14b04624c445198f26b89c2159828c%7C0%7C0%7C637012041888127305&sdata=qbq9hlhRcfYQ7FdObWXGxM5w%2BYfjxLUxWc7tD8jRnYs%3D&reserved=0>
I try all the same option but nothing is work.
So I guess that instead that the ows_denied_ip_list was dismissed.
Is this confirmed ?
Thx.
A.
--
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------
--
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20190812/586275a1/attachment-0001.html>
More information about the mapserver-users
mailing list