Hi Jody Garnett, Thanks for response and support. Now issue is resolved.
Regards, Kajal From: Jody Garnett <jody.garn...@gmail.com> Sent: 10 January 2024 12:41 To: Kajal Shrawan Katoke <kajal.kat...@india.nec.com> Cc: CHANDRADEEP KUMAR <chandradeep.ku...@india.nec.com>; Madhu <mad...@india.nec.com>; geoserver-users@lists.sourceforge.net Subject: Re: [Geoserver-users] Query regarding WMS service You don't often get email from jody.garn...@gmail.com<mailto:jody.garn...@gmail.com>. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> External Message: Please be cautious when opening links or attachments in email Dear Kajal, This is a list of volunteers, and I expect everyone like me is challenged to understand what you are doing. The words make sense but we do not know why 🙂 Like if you just want a tile map service you can do that with an FTP site a set of static files why use GeoServer? I guess we just do not know what WMS vulnerabilities you are concerned about, and this would not be the right place to discuss them (a public forum). Please see our security policy for more secure communication channels for such discussion, or reach out to one of our service providers for assistance. As for your approach it will do something, but nobody is feel great offering you security advise without understanding your concerns and risk. GeoServer security access chains are very flexible and could be used to lock down services similar to what you are achieving with NginX. There is also environmental variables to turn of the Admin Console and so on. -- Jody Garnett On Jan 9, 2024 at 9:51:02 PM, Kajal Shrawan Katoke via Geoserver-users <geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>> wrote: Hi Team, Gentle Reminder! Please provide your response for below query. As a temporary measure against WMS vulnerabilities, we using Nginx on the front end of geoserver to guard against requests other than the following patterns. ^/gis/geoserver/gwc/service/tms/1.0.0/   However, I am concerned about whether I can check all the URL patterns that call the WMS service in the GeoServer documentation to check if it is properly guarded. (This is because it is described as a calling example in various places in the document, so it is not possible to determine whether all patterns are described.)   Therefore, I would like to confirm whether above nginx configurations prevents calls to the WMS service using URL patterns that we allow. [Query] Will this method of protection (nginx configuration shared in previous mail) make the WMS service unavailable?  Thanks & regards, Kajal From: Kajal Shrawan Katoke Sent: 13 December 2023 09:07 To: 'geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>' <Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net>> Cc: CHANDRADEEP KUMAR <chandradeep.ku...@india.nec.com<mailto:chandradeep.ku...@india.nec.com>>; Madhu <mad...@india.nec.com<mailto:mad...@india.nec.com>> Subject: RE: Query regarding WMS service Hi Team, We missed some content of our query please find below: [Query] Will this method of protection (nginx configuration shared in previous mail) make the WMS service unavailable?  Thanks & regards Kajal From: Kajal Shrawan Katoke Sent: 12 December 2023 11:49 To: 'geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>' <Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net>> Cc: CHANDRADEEP KUMAR <chandradeep.ku...@india.nec.com<mailto:chandradeep.ku...@india.nec.com>>; Madhu <mad...@india.nec.com<mailto:mad...@india.nec.com>> Subject: Query regarding WMS service Hi Team, As a temporary measure against WMS vulnerabilities, we using Nginx on the front end of geoserver to guard against requests other than the following patterns. ^/gis/geoserver/gwc/service/tms/1.0.0/   However, I am concerned about whether I can check all the URL patterns that call the WMS service in the GeoServer documentation to check if it is properly guarded. (This is because it is described as a calling example in various places in the document, so it is not possible to determine whether all patterns are described.)   Therefore, I would like to confirm whether above nginx configurations prevents calls to the WMS service using URL patterns that we allow. Thanks & regards, Kajal The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or NEC Corporation India Private Limited or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of NEC Corporation India Private Limited or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/geoserver-users The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or NEC Corporation India Private Limited or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of NEC Corporation India Private Limited or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately.
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
