Environment Variables

Background

A number of environment variables can be used to control MapServer’s behavior or specify the location of some resources.

Tip

In terms of GDAL, for a good list of GDAL’s possible variables to use (to help control data access in MapServer), see the GDAL wiki. The main GDAL site also has a list.

List of all possible MapServer Environment Variables

CURL_CA_BUNDLE

Added in version 5.4.1.

Used to specify the location of the Certificate Authority (CA) bundle file to be used by Curl when using HTTPS connections in WMS/WFS client layers. Curl comes bundled with its own CA bundle by default, so this variable is not required unless you have an unusual installation:

export CURL_CA_BUNDLE=/path/to/ca-bundle.crt
MS_DEBUGLEVEL

Added in version 5.0.

A default DEBUG level value can be set using the MS_DEBUGLEVEL environment variable in combination with the MS_ERRORFILE variable.

When set, this value is used as the default debug level value for all map and layer objects as they are loaded by the mapfile parser. This option also sets the debug level for any msDebug() call located outside of the context of a map or layer object, for instance for debug statements relating to initialization before a map is loaded. If a DEBUG value is also specified in the mapfile in some map or layer objects then the local value (in the mapfile) takes precedence over the value of the environment variable.

This option is mostly useful when tuning applications by enabling timing/debug output before the map is loaded, to capture the full process initialization and map loading time, for instance.

MS_ENCRYPTION_KEY

Added in version 4.10.

Zie ook

msencrypt

MS_ERRORFILE

The MS_ERRORFILE environment variable specifies the location of the logging/debug output, with possible values being either a file path on disk, or one of the following special values:

  • “stderr” to send output to standard error. Under Apache stderr is the Apache error_log file. Under IIS stderr goes to stdout so its use is discouraged. With IIS it is recommended to do direct output to a file on disk instead.

  • “stdout” to send output to standard output, combined with the rest of MapServer’s output.

  • “windowsdebug” to send output to the Windows OutputDebugString API, allowing the use of external programs like SysInternals debugview to display the debug output.

It is possible to specify MS_ERRORFILE either as an environment variable or via a CONFIG directive inside a mapfile:

CONFIG  "MS_ERRORFILE" "/tmp/mapserver.log"

or:

CONFIG  "MS_ERRORFILE" "stderr"

If both the MS_ERRORFILE environment variable is set and a CONFIG MS_ERRORFILE is set, then the CONFIG directive takes precedence.

If MS_ERRORFILE is not set, then error/debug logging is disabled. During parsing of a mapfile, error/debug logging may become available only after the MS_ERRORFILE directive has been parsed.

MS_MAP_NO_PATH

Added in version 5.4.

The MS_MAP_NO_PATH environment variable can be set to any value to forbid the use of explicit paths in the map=… URL parameter. Setting MS_MAP_NO_PATH to any value forces the use of the map=<env_variable_name> mechanism in mapserv CGI URLs.

If this variable is not set then nothing changes and the mapserv CGI still accepts explicit file paths via the map=… URL parameter.

Example, set set MS_MAP_NOPATH and some mapfile paths in Apache’s httpd.conf:

SetEnv MS_MAP_NO_PATH "foo"
SetEnv MY_MAPFILE "/opt/mapserver/map1/mymapfile.map"

and then calls the mapserv CGI must use environment variables for the map=… parameter:

http://localhost/cgi-bin/mapserv?map=MY_MAPFILE&mode=...
MS_MAPFILE

The mapfile to use if the map=… URL parameter is not provided.

It is also possible to use an environment variable name as the value of the map=… URL parameter. The value of this environment variable will be used as the mapfile path:

map=ENV_VAR
MS_MAPFILE_PATTERN

MS_MAPFILE_PATTERN can be used to override the default regular expression which is used to validate mapfile filename extensions.

The default value for this variable is:

MS_MAPFILE_PATTERN='\.map$'
MS_MAP_BAD_PATTERN

Added in version 7.6.3.

The MS_MAP_BAD_PATTERN environment variable can be used to specify a Regular Expression to catch & not allow problematic character sequences in any mapfile paths passed to the mapserv CGI in the map=… URL parameter. If the value matches then an error is generated. By default all MapServer installations (since 7.6.3) set a hardcoded value for MS_MAP_BAD_PATTERN of:

[/\\]{2}|[/\\]?\\.+[/\\]|,

which will therefore not allow “/../” or “//” in the map value.

For Windows users, MS4W uses the PCRE regex library (which requires a slightly different regex syntax), so all future MS4W releases will contain the following default MS_MAP_BAD_PATTERN enabled (to not allow “/../” or “//” in the map value) :

[\/\\\\]{2}|[\/\\\\]?\.{2,}[\/\\\\]|,

For more Windows information see Securing your MS4W Installation

Zie ook

Limit Mapfile Access & Associated Pull Request for the 7.6.3 release

MS_CONTEXT_BAD_PATTERN

Added in version 8.0.1.

The MS_CONTEXT_BAD_PATTERN environment variable can be used to specify a Regular Expression to catch & not allow problematic character sequences in any map context paths passed to the mapserv CGI in the context=… URL parameter. If the value matches then an error is generated. By default all MapServer installations (since 8.0.1) set a hardcoded value for MS_CONTEXT_BAD_PATTERN of:

[/\\]{2}|[/\\]?\\.+[/\\]|,

which will therefore not allow “/../” or “//” in the map context value.

For Windows users, MS4W uses the PCRE regex library (which requires a slightly different regex syntax), so all future MS4W releases will contain the following default MS_MAP_BAD_CONTEXT_PATTERN enabled (to not allow “/../” or “//” in the map context value) :

[\/\\\\]{2}|[\/\\\\]?\.{2,}[\/\\\\]|,

For more Windows information see Securing your MS4W Installation

MS_CONTEXT_PATTERN

Added in version 8.0.1.

The MS_CONTEXT_PATTERN environment variable can be used to specify a Regular Expression that must be matched by all file paths passed to the mapserv CGI in the context=… URL parameter.

If MS_CONTEXT_PATTERN is not set then no map context can be loaded.

Apache’s SetEnv directive can be used to restrict mapfiles to a specific directory and subdirectories.

  • Unix users may set the following expression in Apache to restrict mapfiles to the /opt/mapserver directory and subdirectories:

    SetEnv MS_CONTEXT_PATTERN "^\/opt\/mapserver\/([^\.][_A-Za-z0-9\-\.]+\/{1})*([_A-Za-z0-9\-\.]+\.(xml))$"
    
  • Windows Apache/MS4W users can set the following expression in the Apache conf file, to limit the possible MAP= paths to the common C:/ms4w/apps/ directory (where all MS4W mapfiles and applications live), allow encoded urls, allow “.” or “_” or “-” in MAP= paths but disallow “..” directory traversing:

    SetEnv MS_CONTEXT_PATTERN "^(C:)?\/ms4w\/apps\/((?!\.{2})[_A-Za-z0-9\-\.]+\/{1})*([_A-Za-z0-9\-\.]+\.(xml))$"
    

    Notitie

    MS4W users can see specific examples at: https://ms4w.com/README_INSTALL.html#securing-your-ms4w-installation

MS_MAP_PATTERN

Added in version 5.4.

The MS_MAP_PATTERN environment variable can be used to specify a Regular Expression that must be matched by all mapfile paths passed to the mapserv CGI in the map=… URL parameter.

If MS_MAP_PATTERN is not set then any .map file can be loaded.

Apache’s SetEnv directive can be used to restrict mapfiles to a specific directory and subdirectories.

  • Unix users may set the following expression in Apache to restrict mapfiles to the /opt/mapserver directory and subdirectories:

    SetEnv MS_MAP_PATTERN "^\/opt\/mapserver\/([^\.][_A-Za-z0-9\-\.]+\/{1})*([_A-Za-z0-9\-\.]+\.(map))$"
    
  • Windows Apache/MS4W users can set the following expression in the Apache conf file, to limit the possible MAP= paths to the common C:/ms4w/apps/ directory (where all MS4W mapfiles and applications live), allow encoded urls, allow “.” or “_” or “-” in MAP= paths but disallow “..” directory traversing:

    SetEnv MS_MAP_PATTERN "^(C:)?\/ms4w\/apps\/((?!\.{2})[_A-Za-z0-9\-\.]+\/{1})*([_A-Za-z0-9\-\.]+\.(map))$"
    

    Notitie

    MS4W users can see specific examples at: https://ms4w.com/README_INSTALL.html#securing-your-ms4w-installation

MS_MODE

Default value for the mode=… URL parameter. Setting mode=… in the URL takes precedence over the environment variable.

MS_OPENLAYERS_JS_URL

The URL to the OpenLayers javascript library (can be used when testing WMS services using imagetype application/openlayers), for instance:

http://openlayers.org/api/OpenLayers.js
MS_TEMPPATH

Set the WEB TEMPPATH.

Added in version 6.0.

MS_XMLMAPFILE_XSLT

Used to enable XML Mapfile support. Points to the location of the XSLT to use for the XML->text mapfile conversion.

PROJ_LIB

The PROJ_LIB environment variable or CONFIG directive can be used to specify the directory where the PROJ data files are located (including the “proj.db” file, or “epsg” file for older PROJ versions), if they are not in the default directory where PROJ expects them.

Notitie

For the full list of possible PROJ variables to use see the official list.

Zie ook

Setting the location of the epsg file in Errors.