Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2
Hello Steve

Thank you for the information, we will try this out, it is possible to change all the pipes out 😊

Again thank you very much for the help!

Best regards

Karsten Darré
GIS developer

From: Ikeoka, Steve
Sent: 1 September 2023 17:40
To: Andrea Aime; Karsten Darré
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2

I looked at the example URL and it is getting blocked because of a "java.net.URISyntaxException: Illegal character in query". The URL checking feature was modified to reject URLs that contain invalid characters to prevent them from bypassing the URL normalization and allowing access to arbitrary URL paths. A feature enhancement would be to modify the URL normalization to properly normalize the URL path even with invalid characters in the query and fragment.

If it is feasible to modify your image URLs, changing all of the "|" characters to the string "%7c" should allow it to pass the URL check although your image service will have to know to decode it.

Steve Ikeoka

From: Andrea Aime <andrea.a...@geosolutionsgroup.com>
Sent: Friday, September 1, 2023 3:00 AM
To: Karsten Darré <k...@lifa.dk>
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2

On Fri, Sep 1, 2023 at 11:34 AM Karsten Darré via Geoserver-users <geoserver-users@lists.sourceforge.net> wrote:

> Do any of you have an idea of what has changed in 2.23.2?

New security check, described in the GeoServer 2.23.2 release announcement: https://geoserver.org/announcements/2023/07/21/geoserver-2-23-2-released.html and documented in detail here: https://docs.geoserver.org/maintain/en/user/security/urlchecks.html

You'll have to whitelist the host that generates the dynamic images

Cheers
Andrea
Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2
I looked at the example URL and it is getting blocked because of a "java.net.URISyntaxException: Illegal character in query". The URL checking feature was modified to reject URLs that contain invalid characters to prevent them from bypassing the URL normalization and allowing access to arbitrary URL paths. A feature enhancement would be to modify the URL normalization to properly normalize the URL path even with invalid characters in the query and fragment.

If it is feasible to modify your image URLs, changing all of the "|" characters to the string "%7c" should allow it to pass the URL check although your image service will have to know to decode it.

Steve Ikeoka

From: Andrea Aime
Sent: Friday, September 1, 2023 3:00 AM
To: Karsten Darré
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2

On Fri, Sep 1, 2023 at 11:34 AM Karsten Darré via Geoserver-users <geoserver-users@lists.sourceforge.net> wrote:

> Do any of you have an idea of what has changed in 2.23.2?

New security check, described in the GeoServer 2.23.2 release announcement: https://geoserver.org/announcements/2023/07/21/geoserver-2-23-2-released.html and documented in detail here: https://docs.geoserver.org/maintain/en/user/security/urlchecks.html

You'll have to whitelist the host that generates the dynamic images

Cheers
Andrea

___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, by Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer

Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
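The rejection and the "%7c" workaround described in the message above can be reproduced with `java.net.URI` alone. This is an added example, not part of the thread and not GeoServer's own URL checker; the host `images.example.org`, the allow-list pattern and the sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

// Added illustration of a parse-normalize-match URL check.
// Not GeoServer code; host, pattern and sample URLs are constructed.
public class UrlCheckSketch {

    // Hypothetical allow-list entry for the dynamic image service.
    static final Pattern ALLOWED = Pattern.compile(
            "^https://images\\.example\\.org/ImageHandler\\.ashx.*$");

    // Parse strictly, normalize, then match the normalized form.
    // A location that cannot be parsed is rejected instead of being
    // matched as a raw string, so dot segments are always collapsed
    // before the pattern sees the path.
    static boolean isAllowed(String location) {
        try {
            URI normalized = new URI(location).normalize();
            return ALLOWED.matcher(normalized.toString()).matches();
        } catch (URISyntaxException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    // Workaround from the thread: percent-encode every pipe character.
    static String encodePipes(String location) {
        return location.replace("|", "%7C");
    }

    public static void main(String[] args) {
        String base = "https://images.example.org/ImageHandler.ashx";
        String query = "?wms_bbox=588313.9|589048.9,6136262.5|6137302.0";
        String[] samples = {
            base + query,                // raw pipes: URISyntaxException
            encodePipes(base + query),   // encoded pipes: parses and matches
            base + "/../other.ashx?x=1", // dot segments collapse before matching
        };
        for (String s : samples) {
            System.out.println(s);
            System.out.println("  allowed: " + isAllowed(s));
        }
    }
}
```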
Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2
On Fri, Sep 1, 2023 at 11:34 AM Karsten Darré via Geoserver-users <geoserver-users@lists.sourceforge.net> wrote:

> Do any of you have an idea of what has changed in 2.23.2?

New security check, described in the GeoServer 2.23.2 release announcement: https://geoserver.org/announcements/2023/07/21/geoserver-2-23-2-released.html and documented in detail here: https://docs.geoserver.org/maintain/en/user/security/urlchecks.html

You'll have to whitelist the host that generates the dynamic images

Cheers
Andrea

Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions Group
Re: [Geoserver-users] Dynamic generated image url in SLD not working in 2.23.2
As described on the blog announcement (https://geoserver.org/announcements/2023/07/21/geoserver-2-23-2-released.html) this release includes a URL Checking function to prevent OGC processes from calling arbitrary URLs as a security enhancement.

You will need to white list the `https://**/ImageHandler.ashx` url (but be careful escaping those *)

Ian

On Fri, 1 Sept 2023 at 10:32, Karsten Darré via Geoserver-users <geoserver-users@lists.sourceforge.net> wrote:

> Hello
>
> After upgrading to Geoserver 2.23.2 (from version 2.22.3) some of your dynamic image url’s (In SLD’s) stopped working, and we are getting some errors:
>
> URI.normalize() not available for location:
>
> Path.normalize() not available for location:
>
> Error occurred evaluating external graphic org.geotools.data.ows.URLCheckerException: Unable to normalize location:
>
> The url is as follows:
>
> https://**/ImageHandler.ashx?parameters=&imageurl=https://**/Images/NorthArrows/northmicro.png&wkt=POLYGON|((588873.93564633|6137127.0831221,|588873.93564633|6137249.5831221,|588996.43564633|6137249.5831221,|588996.43564633|6137127.0831221,|588873.93564633|6137127.0831221))&plotscale=3500&wms_scale_denominator=3306.045340050377&wms_height=1123&wms_width=794&wms_bbox=588313.93564633|589048.93564633,6136262.5831221|6137302.0831221
>
> The url works as expected from the service we are calling and it is returning the correct image, and has been working perfectly on older versions of geoserver.
>
> Do any of you have an idea of what has changed in 2.23.2?
>
> Best regards
>
> Karsten Darré
> GIS developer

--
Ian Turton