[Tilecache] Protecting a tilecache from outside
Christopher Schmidt
crschmidt at metacarta.com
Thu Apr 17 09:07:17 EDT 2008
On Thu, Apr 17, 2008 at 03:05:21PM +0200, Jacolin Yves wrote:
> Hi,
>
> As you may know I succeed to use TC in mod_python successfully yesterday. One
> of the last problem remains is that we would like to protect TC server from
> people outside our website. That means only OpenLayers in your website
> application can use it.
>
> In cgi mode, we used a wrapper which retrieve a key parameter and compare it
> with the key in the file then if ok send the request to TC. As you see it is
> not really a "secure" process.
>
> Here how we did with mod_python. First of all add this two line in the vhost
> close your configuration parameter for TC:
Some browsers don't send referer headers, either intentionally or
unintentionally: might be worth keeping an eye on your traffic to check
and make sure you aren't blocking 'valid' requests.
Other than that, looks fine.
-- Chris
> <Directory "/var/www/../Carto/tilecache-1.9/">
> AddHandler python-program .py
> PythonHandler TileCache.Service
> PythonOption TileCacheConfig /var/www/.../Carto/cgi/tilecache.cfg
> SetEnvIf Referer www\.lpdipro\.dev\.local\.yves intra_site_referral
> Deny from all
> Allow from env=intra_site_referral
> </Directory>
>
> Only request form our application will be successful. If you try to request TC
> directly you will get a "no access" error page.
>
> Hope it helps. If you think I am wrong, tell me ;)
>
> Regards,
>
> Y.
> --
> Yves Jacolin
> ---
> http://softlibre.gloobe.org
> _______________________________________________
> Tilecache mailing list
> Tilecache at openlayers.org
> http://openlayers.org/mailman/listinfo/tilecache
--
Christopher Schmidt
MetaCarta
More information about the Tilecache
mailing list