[Geoserver-users] WMS output format restrictions

Alexandre_Busquets · January 15, 2014, 11:24am

Is there any way to restrict WMS output formats (JPEG, GIF, PNG, PNG 8) and
disable kml export?

Thanks.

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/WMS-output-format-restrictions-tp5098123.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

Christian_Mueller · January 15, 2014, 11:29am

Hi

Unfortunately not.

Now the good news. I have a mandate from a customer to add this feature but I cannot commit to a point in time.

Cheers
Christian

···

On Wed, Jan 15, 2014 at 12:24 PM, abusquets <abusquets@anonymised.com…> wrote:

Is there any way to restrict WMS output formats (JPEG, GIF, PNG, PNG 8) and
disable kml export?

Thanks.

–
View this message in context: http://osgeo-org.1560.x6.nabble.com/WMS-output-format-restrictions-tp5098123.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk

Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

Alexandre_Busquets · January 16, 2014, 8:08am

We have a solution.
Make a .htaccess file with this content

RewriteEngine on

RewriteCond %{QUERY_STRING} request=GetMap [NC]
RewriteCond %{QUERY_STRING} !format=(.*)(png|jpeg) [NC]
RewriteRule .* - [F]

RewriteCond %{REQUEST_URI} wms/kml
RewriteCond %{QUERY_STRING} layers
RewriteRule .* - [F]

RewriteRule geoserver/(.*) http://localhost:8080/geoserver/$1 [P]

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/WMS-output-format-restrictions-tp5098123p5098308.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

Ivan_PRICE1 · January 16, 2014, 8:36am

watch out for POST requests if you'r trying to protect sensitive data (and shapefile format?)

-i

-----Message d'origine-----
De : abusquets [mailto:abusquets@anonymised.com]
Envoyé : Thursday, 16 January 2014 09:08
À : geoserver-users@lists.sourceforge.net
Objet : Re: [Geoserver-users] WMS output format restrictions

We have a solution.
Make a .htaccess file with this content

RewriteEngine on

RewriteCond %{QUERY_STRING} request=GetMap [NC] RewriteCond %{QUERY_STRING} !format=(.*)(png|jpeg) [NC] RewriteRule .* - [F]

RewriteCond %{REQUEST_URI} wms/kml
RewriteCond %{QUERY_STRING} layers
RewriteRule .* - [F]

RewriteRule geoserver/(.*) http://localhost:8080/geoserver/$1 [P]

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/WMS-output-format-restrictions-tp5098123p5098308.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Andrea_Aime4 · January 16, 2014, 9:07am

On Thu, Jan 16, 2014 at 9:36 AM, Ivan Price <Ivan.Price@anonymised.com> wrote:

watch out for POST requests if you'r trying to protect sensitive data (and
shapefile format?)

Right, GeoServer also responds to WMS POST requests in two forms:
* xml getmap, from the SLD extension (there is a sample in the default data
dir)
* form/urlencoded type posts, with the same parameters as a GET request,
which can be used to dodge the url lenght limit restrictions imposed by
browsers

Cheers
Andrea

--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

Christian_Mueller · January 16, 2014, 9:37am

I think this solution would only work if you access Gesoerver via an apache http proxy.

Is this correct ?

Christian

···

On Thu, Jan 16, 2014 at 10:07 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk

Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

On Thu, Jan 16, 2014 at 9:36 AM, Ivan Price <Ivan.Price@…3844…> wrote:

watch out for POST requests if you’r trying to protect sensitive data (and shapefile format?)

Right, GeoServer also responds to WMS POST requests in two forms:

xml getmap, from the SLD extension (there is a sample in the default data dir)
form/urlencoded type posts, with the same parameters as a GET request, which can be used to dodge the url lenght limit restrictions imposed by browsers

Cheers
Andrea

–

== Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information ==

Ing. Andrea Aime

@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

Andrea_Aime4 · January 16, 2014, 9:41am

On Thu, Jan 16, 2014 at 10:37 AM, Christian Mueller <
christian.mueller@anonymised.com> wrote:

I think this solution would only work if you access Gesoerver via an
apache http proxy.

Worth mentioning maybe, we had performance issues trying to scale up apache
proxy to a large
number of concurrent requests (with Apache crashing).
Granted, we're talking about very large load here, and there is word
that more recent version of apache using the multithreaded workers work
better in this respect,
but still:

http://geo-solutions.blogspot.it/2012/08/real-world-uses-cases-troubleshooting.html

Cheers
Andrea

--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

Christian_Mueller · January 16, 2014, 10:21am

Hoping that I will find some time to add this feature into GeoServer directly.

Cheers
Christian

···

On Thu, Jan 16, 2014 at 10:41 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

On Thu, Jan 16, 2014 at 10:37 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:

I think this solution would only work if you access Gesoerver via an apache http proxy.

Worth mentioning maybe, we had performance issues trying to scale up apache proxy to a large
number of concurrent requests (with Apache crashing).
Granted, we’re talking about very large load here, and there is word
that more recent version of apache using the multithreaded workers work better in this respect,
but still:

http://geo-solutions.blogspot.it/2012/08/real-world-uses-cases-troubleshooting.html

Cheers

Andrea

–

== Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information ==

Ing. Andrea Aime

@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

Alexandre_Busquets · January 16, 2014, 11:45am

Sorry, I have made a mistake before.

The best way for do this is put this code on apache

ProxyPreserveHost On
ProxyRequests Off

<Proxy *>
Order allow,deny
Allow from all
</Proxy>

RewriteEngine on
RewriteCond %{QUERY_STRING} request=GetMap [NC]
RewriteCond %{QUERY_STRING} !format=(.*)(png|jpeg) [NC]
RewriteRule .* - [F]

RewriteCond %{REQUEST_URI} wms/kml
RewriteCond %{QUERY_STRING} layers
RewriteRule .* - [F]

RewriteRule geoserver/(.*) http://localhost:8080/geoserver/$1 [P]

First we have to enable proxy modules of apache

$ sudo a2enmod proxy
$ sudo a2enmod proxy_http

and then restart apache

$ sudo /etc/init.d/apache2 restart

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/WMS-output-format-restrictions-tp5098123p5098372.html
Sent from the GeoServer - User mailing list archive at Nabble.com.

Alexandre_Busquets · January 16, 2014, 11:47am

Sorry, I have made a mistake before.

The best way for do this is put this code on apache

ProxyPreserveHost On
ProxyRequests Off

<Proxy *>
Order allow,deny
Allow from all
</Proxy>

RewriteEngine on
RewriteCond %{QUERY_STRING} request=GetMap [NC]
RewriteCond %{QUERY_STRING} !format=(.*)(png|jpeg) [NC]
RewriteRule .* - [F]

RewriteCond %{REQUEST_URI} wms/kml
RewriteCond %{QUERY_STRING} layers
RewriteRule .* - [F]

RewriteRule geoserver/(.*) http://localhost:8080/geoserver/$1 [P]

First we have to enable proxy modules of apache

$ sudo a2enmod proxy
$ sudo a2enmod proxy_http

and then restart apache

$ sudo /etc/init.d/apache2 restart

--
View this message in context: http://osgeo-org.1560.x6.nabble.com/WMS-output-format-restrictions-tp5098123p5098375.html
Sent from the GeoServer - User mailing list archive at Nabble.com.