Another way is to put a wrapper around your mapserv binary. I use PHP,
call my wrapper 'reflect' then let apache know to use PHP on 'reflect'.
Note the lack of .php extension. If you did have the extension no extra
modifications to apache conf would be required.
This has huge benefits. The single biggest advantage is I can use a
non-standard WMS uri, ie, pass only a width or height then calculate the
missing dimension from bbox. This always results in a perfect aspect
ratio for the resulting image. (Yes, GeoServer uses the name 'reflect',
too. No accident).
I also use it for security screening. 'GetCapabilities' has also been
intercepted and largely disabled.
On 11/16/22 12:00, Neil Underhill wrote:
Posting here as I didn't yet get a reply to the same query on
StackOverflow
(https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess <https://stackoverflow.com/questions/74309087/setting-up-authorization-to-mapserver-using-apache2-htaccess>).
I am running a website with Apache/2.4.53 (Debian) and Mapserver 7.6.2.
I have set up a 'secure' part of the web site following instructions
here:
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04 <https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04> .
I would now like to display some geospatial data held in Mapserver via
an Openlayers WFS map on the secure site. The challenge I have is that
once a user logs in, they can see the MapServer access details in the
Openlayers script so have the server URL and mapfile name, and can
access this outside the secure site i.e. without going through Apache
authentication.
There was some discussion about securing access MapServer 11 years ago
(https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access <https://gis.stackexchange.com/questions/5686/securing-wms-against-unauthorized-access>) but this didn't seem applicable.
As I understand it Mapserver is accessed through a CGI to which requests
are redirected through Apache. Would moving the /usr/bin/mapserv
executable into a folder managed by Apache2 work? (as seems to be
suggested here:
https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec <https://stackoverflow.com/questions/51850322/cgi-bin-htaccess-or-apache2-config-rules-bring-up-password-dialog-but-cgi-exec>
Any advice appreciated.
_______________________________________________
MapServer-users mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
_______________________________________________
MapServer-users mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
