Proxy handling of external data sources
HelenwoodsJNCC opened this issue · 10 comments
Can we look into the use of a proxy to handle the mixed content error when trying to load http external layers.
I have left this one open to start looking into once the mixed filter issue is resolved.
@SimonAnnetts and @JamesPe Let's have a chat about implementation when Simon is back in.
@andyb-esdm did you have a chance to look into this at all - it is something we would definitely like to pursue as part of this months support contract time.
@HelenwoodsJNCC I'm sorry. Not yet. @SimonAnnetts is on leave this week but we should have time to review and implement it this month. We'll provide an estimate first, of course.
We can add an api proxy endpoint that would proxy getCapabilities, GetMap and getFeatureInfo requests - and this proxy endpoint would return content-types of text/xml (getcapabilities) image/* (getmap) and text/htm, text/xml and text/plain for getfeatureinfo. We have a basic implementation of this in testing -
However currently ...
this is an open Internet proxy which is a bad thing as it can, in theory, be able to proxy webpages and images from any website.
We could restrict this to working with only the external WMS urls that are listed in the database and not for the any random URL in a box that users can provide, but of course that then limits the functionality.
Another idea is that the proxy could only accept requests from client where the request's referrer header parameter is set to the mapper page's URL. This could be specified in the web-api's config file. It's not absolute protection, but it should stop any casual hits to the proxy endpoint from anything other than the mapper itself.
The development time we estimate is 1 day, but we are unsure how to proceed, and how your IT guys would feel about the security concerns of this.
Thanks @SimonAnnetts. I have asked @jonparsonsjncc to take a look at your options.
@jonparsonsjncc @HelenwoodsJNCC just following up, Jon have you had chance to look into this?
Closing - discussed with Jon, this is not possible as it poses a security risk.
@JordanPinder I think @SimonAnnetts has implemented this on the server side so that only the mapper can make these requests so it's not an open proxy. @SimonAnnetts is that right?
It implements referrer checking (configurable in the appsetting.Production.json) so it's not completely open.
It also doesn't allow every type of Content-type through, only those required for geoserver - so XML (getcaps etc), image formats ( getmap), text and html files (getfeatureinfo).
It should be configured only to allow the domain that the mapper runs from.
It should be said though that the referrer is only another https header which could be faked by someone determined enough.