[MapServer-users] Fwd: Setting up authorization for Mapserver access using Apache2 .htaccess

Neil Underhill neil.underhill at gmail.com
Thu Nov 24 13:19:50 PST 2022


Hi Scott,

thanks for the reply.  I'm not very familiar with PHP, could you explain
what a wrapper is and how to put that around the mapserv binary?
A snippet of the apache2.conf file would also be helpful.

Cheers,

Neil



On Wed, 16 Nov 2022 at 22:58, Scott <public at postholer.com> wrote:

> Another way is to put a wrapper around your mapserv binary. I use PHP,
> call my wrapper 'reflect' then let apache know to use PHP on 'reflect'.
> Note the lack of .php extension. If you did have the extension no extra
> modifications to apache conf would be required.
>
> This has huge benefits. The single biggest advantage is I can use a
> non-standard WMS uri, ie, pass only a width or height then calculate the
> missing dimension from bbox. This always results in a perfect aspect
> ratio for the resulting image. (Yes, GeoServer uses the name 'reflect',
> too. No accident).
>
> I also use it for security screening. 'GetCapabilities' has also been
> intercepted and largely disabled.
>
> On 11/16/22 12:00, Neil Underhill wrote:
> >
> > Posting here as I didn't yet get a reply to the same query on
> > StackOverflow
> > (
> https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess
> <
> https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess
> >).
> >
> > I am running a website with Apache/2.4.53 (Debian) and Mapserver 7.6.2.
> > I have set up a 'secure' part of the web site following instructions
> > here:
> >
> https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
> <
> https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04>
> .
> >
> > I would now like to display some geospatial data held in Mapserver via
> > an Openlayers WFS map on the secure site. The challenge I have is that
> > once a user logs in, they can see the MapServer access details in the
> > Openlayers script so have the server URL and mapfile name, and can
> > access this outside the secure site i.e. without going through Apache
> > authentication.
> >
> > There was some discussion about securing access MapServer 11 years ago
> > (
> https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access
> <
> https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access>)
> but this didn't seem applicable.
> >
> > As I understand it Mapserver is accessed through a CGI to which requests
> > are redirected through Apache. Would moving the /usr/bin/mapserv
> > executable into a folder managed by Apache2 work? (as seems to be
> > suggested here:
> >
> https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec
> <
> https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec
> >
> >
> > Any advice appreciated.
> >
> > _______________________________________________
> > MapServer-users mailing list
> > MapServer-users at lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/mapserver-users
> _______________________________________________
> MapServer-users mailing list
> MapServer-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20221124/0d95e94f/attachment.htm>


More information about the MapServer-users mailing list