WMS & WFS Configuration Guide
Step-by-step instructions for enabling, securing, and optimizing OGC Web Map and Web Feature Services in GeoServer.
Overview
GeoServer implements the OGC Web Map Service (WMS) and Web Feature Service (WFS) standards to publish geospatial data over HTTP. WMS serves rendered map images (PNG, JPEG, SVG), while WFS delivers raw vector features (GML, GeoJSON, KML) for client-side styling and analysis.
Prerequisites
- Running GeoServer instance (v2.21+ recommended)
- Administrator credentials (
admin/geoserverdefault) - At least one configured Data Store (PostGIS, Shapefile, GeoPackage, etc.)
- Published Layer Group or individual Layers
Enable & Configure WMS
1. Verify WMS is Active
Home → Services in the GeoServer Web UI. Ensure Web Map Service (WMS) is toggled ON.
EPSG:4326 or EPSG:3857), image format (image/png), and transparent rendering toggle.
2. Publish a Layer for WMS
# Example: Requesting a WMS map image
curl -G "http://localhost:8080/geoserver/workspace/wms" \
--data-urlencode "SERVICE=WMS" \
--data-urlencode "VERSION=1.3.0" \
--data-urlencode "REQUEST=GetMap" \
--data-urlencode "LAYERS=workspace:layer_name" \
--data-urlencode "STYLES=" \
--data-urlencode "CRS=EPSG:3857" \
--data-urlencode "BBOX=-180,-90,180,90" \
--data-urlencode "WIDTH=800" \
--data-urlencode "HEIGHT=400" \
--data-urlencode "FORMAT=image/png"Configure WFS
1. Enable WFS
In Home → Services → Web Feature Service (WFS), ensure WFS is ON. Set the Maximum features limit (default: 100) to prevent excessive payloads.
2. Configure Output Formats
Scroll to Output formats. Enable GeoJSON (recommended for modern clients), GML 2/3, and KML as needed. Disable unused formats to improve performance.
3. Publish Features
# Example: Fetching WFS features as GeoJSON
curl -G "http://localhost:8080/geoserver/workspace/wfs" \
--data-urlencode "SERVICE=WFS" \
--data-urlencode "VERSION=2.0.0" \
--data-urlencode "REQUEST=GetFeature" \
--data-urlencode "TYPENAME=workspace:layer_name" \
--data-urlencode "OUTPUTFORMAT=application/json" \
--data-urlencode "COUNT=50"outputFormat=application/json natively. For legacy clients, use text/xml; subtype=gml/3.1.1.
Layer Permissions & Security
GeoServer uses role-based access control (RBAC) to secure WMS/WFS endpoints. Configure permissions per layer or layer group:
- Go to
Security → Layer Security - Click
Configurenext to the target workspace/layer - Set rules:
- WMS Publish: Controls rendering access
- WFS Publish: Controls feature retrieval
- WFS Transaction: Controls INSERT/UPDATE/DELETE
- Assign roles:
ADMIN,USER, or custom groups
Unauthenticated requests will return 403 Forbidden if publishing is restricted.
REST API Quick Configuration
Automate WMS/WFS setup using GeoServer's REST API. Requires the rest extension enabled.
Enable Service via REST
# Enable WFS and set max features
curl -X PUT \
-H "Content-Type: text/xml" \
-u admin:geoserver \
"http://localhost:8080/geoserver/rest/services/wfs/service.xml" \
-d '<Service>
<enabled>true</enabled>
<Advertised>true</Advertised>
<Settings>
<key>MAXFEATURES</key>
<value>1000</value>
</Settings>
</Service>'Troubleshooting
Common Issues & Fixes
- 403 Forbidden on WFS GetFeature → Check Layer Security rules. Ensure
WFS Publishis allowed for the requesting role. - Invalid SRS / CRS Error → Verify the requested
CRSis listed in the layer'sSupported CRSsection. Add EPSG codes underProjections. - Slow WMS Rendering → Enable
Tile Caching(GeoWebCache), increaseMax Buffer Size, and disableStrict SRS checkingif using dynamic projections. - WFS Returns Empty Features → Check filter syntax, data store connectivity, and ensure the layer has actual geometry records.
For detailed logs, enable DEBUG logging in Logging → GeoServer Logging or check WEB-INF/logs/geoserver.log.