[Tilecache] Protecting a tilecache from outside
Jacolin Yves
yjacolin at free.fr
Thu Apr 17 09:12:47 EDT 2008
Le Thursday 17 April 2008 15:07:17 Christopher Schmidt, vous avez écrit :
> On Thu, Apr 17, 2008 at 03:05:21PM +0200, Jacolin Yves wrote:
> > Hi,
> >
> > As you may know I succeed to use TC in mod_python successfully yesterday.
> > One of the last problem remains is that we would like to protect TC
> > server from people outside our website. That means only OpenLayers in
> > your website application can use it.
> >
> > In cgi mode, we used a wrapper which retrieve a key parameter and compare
> > it with the key in the file then if ok send the request to TC. As you see
> > it is not really a "secure" process.
> >
> > Here how we did with mod_python. First of all add this two line in the
> > vhost close your configuration parameter for TC:
>
> Some browsers don't send referer headers, either intentionally or
> unintentionally: might be worth keeping an eye on your traffic to check
> and make sure you aren't blocking 'valid' requests.
>
> Other than that, looks fine.
>
> -- Chris
It is what my sysadmin told me. But it seems that IE, FFox, Opera or Safari
send a referer. Do you know which navigators don't send a referer?
Thanks,
Y.
> > <Directory "/var/www/../Carto/tilecache-1.9/">
> > AddHandler python-program .py
> > PythonHandler TileCache.Service
> > PythonOption TileCacheConfig /var/www/.../Carto/cgi/tilecache.cfg
> > SetEnvIf Referer www\.lpdipro\.dev\.local\.yves intra_site_referral
> > Deny from all
> > Allow from env=intra_site_referral
> > </Directory>
> >
> > Only request form our application will be successful. If you try to
> > request TC directly you will get a "no access" error page.
> >
> > Hope it helps. If you think I am wrong, tell me ;)
> >
> > Regards,
> >
> > Y.
--
Yves Jacolin
---
http://softlibre.gloobe.org
More information about the Tilecache
mailing list