ows_denied_ip_list is working ?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

ows_denied_ip_list is working ?

Andrea Peri
Hi,
I see my version of mapserver don't work the ows_denied_ip_list.
I see ths other mex:

I try all the same option but nothing is work.

So I guess that instead that the ows_denied_ip_list was dismissed.
Is this confirmed ?

Thx.

A.


--
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------

_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
Reply | Threaded
Open this post in threaded view
|

Re: ows_denied_ip_list is working ?

Lime, Steve D (MNIT)
I will test and reply back. What specific version, config and tests did you try on your end?
From: mapserver-users <[hidden email]> on behalf of Andrea Peri <[hidden email]>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: [hidden email] <[hidden email]>
Subject: [mapserver-users] ows_denied_ip_list is working ?
 

This message may be from an external email source.
Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center.



Hi,
I see my version of mapserver don't work the ows_denied_ip_list.
I see ths other mex:

I try all the same option but nothing is work.

So I guess that instead that the ows_denied_ip_list was dismissed.
Is this confirmed ?

Thx.

A.


--
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------

_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
Reply | Threaded
Open this post in threaded view
|

Re: ows_denied_ip_list is working ?

Andrea Peri
Hi,
I was using a compiled version from a recent clone of master .

I try to apply ot to WEB-> METADATA section section using this kind of values:

I try to use a list of IP directly listed using a space as separator
      "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz"
or using a file where there is the same list one IP for line

     "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt"

The values listed are the possibly values of our proxy.
So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them.
Instead the map are still showed.

I'm using QGIS as wms client to test it.

A.


Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) <[hidden email]> ha scritto:
I will test and reply back. What specific version, config and tests did you try on your end?
From: mapserver-users <[hidden email]> on behalf of Andrea Peri <[hidden email]>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: [hidden email] <[hidden email]>
Subject: [mapserver-users] ows_denied_ip_list is working ?
 

This message may be from an external email source.
Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center.



Hi,
I see my version of mapserver don't work the ows_denied_ip_list.
I see ths other mex:

I try all the same option but nothing is work.

So I guess that instead that the ows_denied_ip_list was dismissed.
Is this confirmed ?

Thx.

A.


--
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------

_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
Reply | Threaded
Open this post in threaded view
|

Re: ows_denied_ip_list is working ?

Lime, Steve D (MNIT)

Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was:

 

1.       Make a WMS request and check the logs to confirm the IP I was showing up as.

2.       Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section.

3.       Perform the same WMS request in the browser – result was a WMS exception.

4.       Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place.

5.       Perform the same WMS request in the browser – result was a PNG image.

 

I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request.

 

Makes me wonder if you have the right IP for your test setup?

 

--Steve

 

From: Andrea Peri [mailto:[hidden email]]
Sent: Tuesday, July 30, 2019 2:30 PM
To: Lime, Steve D (MNIT) <[hidden email]>; [hidden email]
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I was using a compiled version from a recent clone of master .

 

I try to apply ot to WEB-> METADATA section section using this kind of values:

 

I try to use a list of IP directly listed using a space as separator

      "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz"

or using a file where there is the same list one IP for line

 

     "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt"

 

The values listed are the possibly values of our proxy.

So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them.

Instead the map are still showed.

 

I'm using QGIS as wms client to test it.

 

A.

 

 

Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

I will test and reply back. What specific version, config and tests did you try on your end?


From: mapserver-users <[hidden email]> on behalf of Andrea Peri <[hidden email]>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: [hidden email] <[hidden email]>
Subject: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I see my version of mapserver don't work the ows_denied_ip_list.

I see ths other mex:

 

I try all the same option but nothing is work.

 

So I guess that instead that the ows_denied_ip_list was dismissed.

Is this confirmed ?

 

Thx.

 

A.

 


--

-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------


_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
Reply | Threaded
Open this post in threaded view
|

Re: ows_denied_ip_list is working ?

Andrea Peri
Hi Steve,

thx for your test.
I do more test to try to understand better what I'm wrong.

Just to do a better with an more large IP range.
Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ?

A.

Thx,


Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was:

 

1.       Make a WMS request and check the logs to confirm the IP I was showing up as.

2.       Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section.

3.       Perform the same WMS request in the browser – result was a WMS exception.

4.       Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place.

5.       Perform the same WMS request in the browser – result was a PNG image.

 

I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request.

 

Makes me wonder if you have the right IP for your test setup?

 

--Steve

 

From: Andrea Peri [mailto:[hidden email]]
Sent: Tuesday, July 30, 2019 2:30 PM
To: Lime, Steve D (MNIT) <[hidden email]>; [hidden email]
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I was using a compiled version from a recent clone of master .

 

I try to apply ot to WEB-> METADATA section section using this kind of values:

 

I try to use a list of IP directly listed using a space as separator

      "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz"

or using a file where there is the same list one IP for line

 

     "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt"

 

The values listed are the possibly values of our proxy.

So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them.

Instead the map are still showed.

 

I'm using QGIS as wms client to test it.

 

A.

 

 

Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

I will test and reply back. What specific version, config and tests did you try on your end?


From: mapserver-users <[hidden email]> on behalf of Andrea Peri <[hidden email]>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: [hidden email] <[hidden email]>
Subject: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I see my version of mapserver don't work the ows_denied_ip_list.

I see ths other mex:

 

I try all the same option but nothing is work.

 

So I guess that instead that the ows_denied_ip_list was dismissed.

Is this confirmed ?

 

Thx.

 

A.

 


--

-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------



--
-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------

_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
Reply | Threaded
Open this post in threaded view
|

Re: ows_denied_ip_list is working ?

Lime, Steve D (MNIT)

The original RFC that proposed the feature addition does reference using CIDR notation for ips. I’ve not tested that specifically though…

 

From: Andrea Peri [mailto:[hidden email]]
Sent: Monday, August 12, 2019 5:56 AM
To: Lime, Steve D (MNIT) <[hidden email]>
Cc: [hidden email]
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?

 

This message may be from an external email source.

Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center.

 

Hi Steve,

 

thx for your test.

I do more test to try to understand better what I'm wrong.

 

Just to do a better with an more large IP range.

Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ?

 

A.

 

Thx,

 

 

Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was:

 

1.       Make a WMS request and check the logs to confirm the IP I was showing up as.

2.       Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section.

3.       Perform the same WMS request in the browser – result was a WMS exception.

4.       Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place.

5.       Perform the same WMS request in the browser – result was a PNG image.

 

I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request.

 

Makes me wonder if you have the right IP for your test setup?

 

--Steve

 

From: Andrea Peri [mailto:[hidden email]]
Sent: Tuesday, July 30, 2019 2:30 PM
To: Lime, Steve D (MNIT) <[hidden email]>; [hidden email]
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I was using a compiled version from a recent clone of master .

 

I try to apply ot to WEB-> METADATA section section using this kind of values:

 

I try to use a list of IP directly listed using a space as separator

      "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz"

or using a file where there is the same list one IP for line

 

     "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt"

 

The values listed are the possibly values of our proxy.

So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them.

Instead the map are still showed.

 

I'm using QGIS as wms client to test it.

 

A.

 

 

Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

I will test and reply back. What specific version, config and tests did you try on your end?


From: mapserver-users <[hidden email]> on behalf of Andrea Peri <[hidden email]>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: [hidden email] <[hidden email]>
Subject: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I see my version of mapserver don't work the ows_denied_ip_list.

I see ths other mex:

 

I try all the same option but nothing is work.

 

So I guess that instead that the ows_denied_ip_list was dismissed.

Is this confirmed ?

 

Thx.

 

A.

 


--

-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------



--

-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------


_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users
Reply | Threaded
Open this post in threaded view
|

Re: ows_denied_ip_list is working ?

Lime, Steve D (MNIT)

Forgot the link: https://mapserver.org/development/rfc/ms-rfc-90.html.

 

From: Lime, Steve D (MNIT)
Sent: Monday, August 12, 2019 10:23 AM
To: Andrea Peri <[hidden email]>
Cc: [hidden email]
Subject: RE: [mapserver-users] ows_denied_ip_list is working ?

 

The original RFC that proposed the feature addition does reference using CIDR notation for ips. I’ve not tested that specifically though…

 

From: Andrea Peri [[hidden email]]
Sent: Monday, August 12, 2019 5:56 AM
To: Lime, Steve D (MNIT) <[hidden email]>
Cc: [hidden email]
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?

 

This message may be from an external email source.

Do not select links or open attachments unless verified. Report all suspicious emails to Minnesota IT Services Security Operations Center.

 

Hi Steve,

 

thx for your test.

I do more test to try to understand better what I'm wrong.

 

Just to do a better with an more large IP range.

Is possibile to use the IP/CIDR sintax to describe the IP range or need to list all the IP denied ?

 

A.

 

Thx,

 

 

Il giorno mer 31 lug 2019 alle ore 23:50 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

Hi Andrea: I just tested with MapServer 6.4 and 7.4 and it works as expected, at least with WMS GetMap requests. My process was:

 

1.       Make a WMS request and check the logs to confirm the IP I was showing up as.

2.       Edit the mapfile and add “ows_denied_ip_list” “my IP” to the WEB METADATA section.

3.       Perform the same WMS request in the browser – result was a WMS exception.

4.       Edit the mapfile and change the ip slightly so it shouldn’t match but leaving the directive in place.

5.       Perform the same WMS request in the browser – result was a PNG image.

 

I did tried multiple IPs in the list, with and without my IP and everything worked as expected. I did not try using an external file. I did notice with my IP in the list a GetMap request was blocked, a GetCapabilities request was not. I didn’t try a GetFeature… request.

 

Makes me wonder if you have the right IP for your test setup?

 

--Steve

 

From: Andrea Peri [mailto:[hidden email]]
Sent: Tuesday, July 30, 2019 2:30 PM
To: Lime, Steve D (MNIT) <[hidden email]>; [hidden email]
Subject: Re: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I was using a compiled version from a recent clone of master .

 

I try to apply ot to WEB-> METADATA section section using this kind of values:

 

I try to use a list of IP directly listed using a space as separator

      "ows_denied_ip_list" "xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz"

or using a file where there is the same list one IP for line

 

     "ows_denied_ip_list" "file:/path-to-file/file-with-ip-list.txt"

 

The values listed are the possibly values of our proxy.

So I guess setting them as denied IP mapserver should refuse to give a map to every client wms using them.

Instead the map are still showed.

 

I'm using QGIS as wms client to test it.

 

A.

 

 

Il mar 30 lug 2019, 04:21 Lime, Steve D (MNIT) <[hidden email]> ha scritto:

I will test and reply back. What specific version, config and tests did you try on your end?


From: mapserver-users <[hidden email]> on behalf of Andrea Peri <[hidden email]>
Sent: Saturday, July 27, 2019 9:02:07 AM
To: [hidden email] <[hidden email]>
Subject: [mapserver-users] ows_denied_ip_list is working ?

 

Hi,

I see my version of mapserver don't work the ows_denied_ip_list.

I see ths other mex:

 

I try all the same option but nothing is work.

 

So I guess that instead that the ows_denied_ip_list was dismissed.

Is this confirmed ?

 

Thx.

 

A.

 


--

-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------



--

-----------------
Andrea Peri
. . . . . . . . .
qwerty àèìòù
-----------------


_______________________________________________
mapserver-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapserver-users