Re: [thredds] WMS Endpoints break when adding security requirements

  • To: Roy Mendelssohn - NOAA Federal <roy.mendelssohn@xxxxxxxx>
  • Subject: Re: [thredds] WMS Endpoints break when adding security requirements
  • From: Sean Arms <sarms@xxxxxxxx>
  • Date: Thu, 15 Feb 2018 08:27:09 -0700
Greetings Roy,

Has anyone touched base with you regarding this? I'm not sure what the
ncWMS server does with headers, so it's hard for me to diagnose what could
be going on here. The only suggestion I would have is to reach out to the
team at Reading to see if they have any ideas:

https://github.com/Reading-eScience-Centre/ncwms

Cheers,

Sean


On Tue, Jan 30, 2018 at 2:26 PM, Roy Mendelssohn - NOAA Federal <
roy.mendelssohn@xxxxxxxx> wrote:

> More on this.  While the GetCapabilities request fails, an actual data
> request works, such as:
>
> http://oceanwatch.pfeg.noaa.gov/thredds/wms/satellite/MUR41/ssta/1day?service=WMS&version=1.3.0&REQUEST=GetMap&FORMAT=image/png&TRANSPARENT=true&LAYERS=analysed_sst&CRS=CRS:84&BBOX=144.19169464111326,13.104493835908743,145.3583053588867,13.795008606858243&WIDTH=1699&HEIGHT=1034&TIME=2018-01-29T09:00:00Z&STYLES=boxfill/rainbow&NUMCOLORBANDS=256&COLORSCALERANGE=301.06262,301.447024&ABOVEMAXCOLOR=extend&BELOWMINCOLOR=extend
>
> Interestingly, the WCS GetCapabilities works.  But as I said, there are
> interactions here with a lot of things and it is more than I know.
>
> -Roy
>
>
> > On Jan 30, 2018, at 12:13 PM, Roy Mendelssohn - NOAA Federal <roy.mendelssohn@xxxxxxxx> wrote:
> >
> > Hi All:
> >
> > The WMS endpoints in our TDS were all working fine, until based on a
> > security audit we had to add some things to our Apache configuration.  So
> > for example we have to completely block displaying the contents of
> > directories, so "Options" cannot have "Indexes" or "MultiViews" and also
> > we need things like:
> >
> > <IfModule mod_headers.c>
> >   Header set X-Content-Type-Options nosniff
> >   Header set X-XSS-Protection "1; mode=block"
> > </IfModule>
> >
> > With these changes all of the other services work fine, but the WMS
> > endpoints (all that I have tried) fail.  These security changes to Apache
> > are the only things that have changed - none of the TDS related files or
> > settings have been altered, see for example:
> >
> >
> > http://oceanwatch.pfeg.noaa.gov/thredds/Satellite/MUR41/catalog.html?dataset=satellite/MUR41/ssta/1day
> >
> > http://oceanwatch.pfeg.noaa.gov/thredds/Satellite/MUR41/catalog.html?dataset=satellite/MUR41/ssta/mday
> >
> > Clearly there is some interaction here between the Apache server and the
> > WMS service, but it is beyond what I know.
> >
> > Thanks for any help.
> >
> > -Roy
> >
> >
> >
> > **********************
> > "The contents of this message do not reflect any position of the U.S. Government or NOAA."
> > **********************
> > Roy Mendelssohn
> > Supervisory Operations Research Analyst
> > NOAA/NMFS
> > Environmental Research Division
> > Southwest Fisheries Science Center
> > ***Note new street address***
> > 110 McAllister Way
> > Santa Cruz, CA 95060
> > Phone: (831)-420-3666
> > Fax: (831) 420-3980
> > e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
> >
> > "Old age and treachery will overcome youth and skill."
> > "From those who have been given much, much will be expected"
> > "the arc of the moral universe is long, but it bends toward justice" -MLK Jr.
> >