[MapServer-users] Fwd: Setting up authorization for Mapserver access using Apache2 .htaccess

Scott public at postholer.com
Wed Nov 16 14:58:26 PST 2022


Another way is to put a wrapper around your mapserv binary. I use PHP, 
call my wrapper 'reflect' then let apache know to use PHP on 'reflect'. 
Note the lack of .php extension. If you did have the extension no extra 
modifications to apache conf would be required.

This has huge benefits. The single biggest advantage is I can use a 
non-standard WMS uri, ie, pass only a width or height then calculate the 
missing dimension from bbox. This always results in a perfect aspect 
ratio for the resulting image. (Yes, GeoServer uses the name 'reflect', 
too. No accident).

I also use it for security screening. 'GetCapabilities' has also been 
intercepted and largely disabled.

On 11/16/22 12:00, Neil Underhill wrote:
> 
> Posting here as I didn't yet get a reply to the same query on 
> StackOverflow 
> (https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess <https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess>).
> 
> I am running a website with Apache/2.4.53 (Debian) and Mapserver 7.6.2. 
> I have set up a 'secure' part of the web site following instructions 
> here: 
> https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04 <https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04> .
> 
> I would now like to display some geospatial data held in Mapserver via 
> an Openlayers WFS map on the secure site. The challenge I have is that 
> once a user logs in, they can see the MapServer access details in the 
> Openlayers script so have the server URL and mapfile name, and can 
> access this outside the secure site i.e. without going through Apache 
> authentication.
> 
> There was some discussion about securing access MapServer 11 years ago 
> (https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access <https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access>) but this didn't seem applicable.
> 
> As I understand it Mapserver is accessed through a CGI to which requests 
> are redirected through Apache. Would moving the /usr/bin/mapserv 
> executable into a folder managed by Apache2 work? (as seems to be 
> suggested here: 
> https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec <https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec>
> 
> Any advice appreciated.
> 
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users



More information about the MapServer-users mailing list