
<div dir="ltr"><div dir="ltr">Hi Scott,<div><br></div><div>thanks for the reply.  I'm not very familiar with PHP, could you explain what a wrapper is and how to put that around the mapserv binary?</div><div>A snippet of the apache2.conf file would also be helpful.</div><div><br></div><div>Cheers,</div><div><br></div><div>Neil</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 16 Nov 2022 at 22:58, Scott <<a href="mailto:public@postholer.com">public@postholer.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Another way is to put a wrapper around your mapserv binary. I use PHP, <br>

call my wrapper 'reflect' then let apache know to use PHP on 'reflect'. <br>

Note the lack of .php extension. If you did have the extension no extra <br>

modifications to apache conf would be required.<br>

<br>

This has huge benefits. The single biggest advantage is I can use a <br>

non-standard WMS uri, ie, pass only a width or height then calculate the <br>

missing dimension from bbox. This always results in a perfect aspect <br>

ratio for the resulting image. (Yes, GeoServer uses the name 'reflect', <br>

too. No accident).<br>

<br>

I also use it for security screening. 'GetCapabilities' has also been <br>

intercepted and largely disabled.<br>

<br>

On 11/16/22 12:00, Neil Underhill wrote:<br>

> <br>

> Posting here as I didn't yet get a reply to the same query on <br>

> StackOverflow <br>

> (<a href="https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess</a> <<a href="https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess</a>>).<br>

> <br>

> I am running a website with Apache/2.4.53 (Debian) and Mapserver 7.6.2. <br>

> I have set up a 'secure' part of the web site following instructions <br>

> here: <br>

> <a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04" rel="noreferrer" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04</a> <<a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04" rel="noreferrer" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04</a>> .<br>

> <br>

> I would now like to display some geospatial data held in Mapserver via <br>

> an Openlayers WFS map on the secure site. The challenge I have is that <br>

> once a user logs in, they can see the MapServer access details in the <br>

> Openlayers script so have the server URL and mapfile name, and can <br>

> access this outside the secure site i.e. without going through Apache <br>

> authentication.<br>

> <br>

> There was some discussion about securing access MapServer 11 years ago <br>

> (<a href="https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access" rel="noreferrer" target="_blank">https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access</a> <<a href="https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access" rel="noreferrer" target="_blank">https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access</a>>) but this didn't seem applicable.<br>

> <br>

> As I understand it Mapserver is accessed through a CGI to which requests <br>

> are redirected through Apache. Would moving the /usr/bin/mapserv <br>

> executable into a folder managed by Apache2 work? (as seems to be <br>

> suggested here: <br>

> <a href="https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec</a> <<a href="https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec</a>><br>

> <br>

> Any advice appreciated.<br>

> <br>

> _______________________________________________<br>

> MapServer-users mailing list<br>

> <a href="mailto:MapServer-users@lists.osgeo.org" target="_blank">MapServer-users@lists.osgeo.org</a><br>

> <a href="https://lists.osgeo.org/mailman/listinfo/mapserver-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/mapserver-users</a><br>

_______________________________________________<br>

MapServer-users mailing list<br>

<a href="mailto:MapServer-users@lists.osgeo.org" target="_blank">MapServer-users@lists.osgeo.org</a><br>

<a href="https://lists.osgeo.org/mailman/listinfo/mapserver-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/mapserver-users</a><br>

</blockquote></div></div>