<div dir="ltr"><br><div class="gmail_quote"><div dir="ltr">Posting here as I didn't yet get a reply to the same query on StackOverflow (<a href="https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess">https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess</a>).<div><br></div><div>I am running a website with Apache/2.4.53 (Debian) and Mapserver 7.6.2. I have set up a 'secure' part of the web site following instructions here: <a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04</a> .<br><br>I would now like to display some geospatial data held in Mapserver via an Openlayers WFS map on the secure site. The challenge I have is that once a user logs in, they can see the MapServer access details in the Openlayers script so have the server URL and mapfile name, and can access this outside the secure site i.e. without going through Apache authentication.<br><br>There was some discussion about securing access MapServer 11 years ago (<a href="https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access" target="_blank">https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access</a>) but this didn't seem applicable.<br><br>As I understand it Mapserver is accessed through a CGI to which requests are redirected through Apache. Would moving the /usr/bin/mapserv executable into a folder managed by Apache2 work? (as seems to be suggested here: <a href="https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec">https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec</a><br><br>Any advice appreciated.<br></div></div>
</div></div>