sitmun · OLamelas · Mar 23, 2026 · Mar 26, 2026 · Mar 26, 2026 · Mar 27, 2026
diff --git a/README.md b/README.md
@@ -368,13 +368,14 @@ Response:
 
 ### Environment Variables
 
-| Variable | Description | Required | Default |
-|----------|-------------|----------|---------|
-| `SITMUN_BACKEND_CONFIG_URL` | URL to backend configuration service | Yes | - |
-| `SITMUN_BACKEND_CONFIG_SECRET` | Secret key for configuration access | Yes | - |
-| `SERVER_PORT` | Application port | No | 8080 |
-| `SPRING_PROFILES_ACTIVE` | Spring profile to use | No | prod |
-
+| Variable | Description | Required | Default           |
+|----------|-------------|----------|-------------------|
+| `SITMUN_BACKEND_CONFIG_URL` | URL to backend configuration service | Yes | -                 |
+| `SITMUN_BACKEND_CONFIG_SECRET` | Secret key for configuration access | Yes | -                 |
+| `SERVER_PORT` | Application port | No | 8080              |
+| `SPRING_PROFILES_ACTIVE` | Spring profile to use | No | prod              |
+| `SITMUN_OGC_CAPABILITIES_SERVICE_PATHS` | Comma-separated OGC service path suffixes recognized when rewriting URLs in `GetCapabilities` responses | No | `wms,wfs,wcs,ows` |
+| `SITMUN_OGC_CAPABILITIES_EXTRA_SOURCES` | Comma-separated list of additional source URL prefixes to replace with the proxy URL in `GetCapabilities` responses. Use this when the backend exposes an internal address (e.g. `localhost`, a private IP) that differs from the URL configured in SITMUN | No | Empty list |
 ### Profiles
 
 #### Development Profile (`dev`)
@@ -408,6 +409,18 @@ sitmun:
     config:
       url: http://some.url
       secret: some-secret
+  ogc:
+    capabilities:
+      # OGC service path suffixes recognized when rewriting URLs in GetCapabilities responses.
+      service-paths:
+        - wms
+        - wfs
+        - wcs
+        - ows
+      # Optional extra source URL prefixes to replace with the proxy URL (empty list by default).
+      extra-sources:
+       - http://localhost:3000
+       - http://internal-geoserver:8080/geoserver
 
 # Actuator Configuration
 management:
@@ -1121,6 +1134,26 @@ The Proxy Middleware supports different service types that can be configured in
 }
 ```
 
+##### GetCapabilities URL Rewriting
+
+When a `GetCapabilities` request is proxied, the response body is post-processed to replace internal service URLs with the public proxy URL. This prevents the proxy being ignored on future requests.
+
+Two replacement steps are applied:
+
+1. **Default source**: the base URL configured in SITMUN (stripping query string and trailing OGC suffix). All its occurrences in the response body are replaced.
+2. **Extra sources**: any additional URL prefixes declared in `extra-sources` are also replaced. This covers cases where the capabilities response URLs differ from the URL stored in SITMUN. Only address before OGC suffix is taken into account.
+
+Only URLs in quoted attributes are replaced, avoiding false positives.
+
+**Example environment variables:**
+```bash
+# Override recognized OGC suffixes (optional, defaults to wms,wfs,wcs,ows)
+SITMUN_OGC_CAPABILITIES_SERVICE_PATHS=wms,wfs,wcs,ows
+
+# Replace custom addresses found in the capabilities body (optional, defaults to empty list)
+SITMUN_OGC_CAPABILITIES_EXTRA_SOURCES=http://localhost:3000,http://internal-geoserver:8080/geoserver
+```
+
 #### JDBC Services
 
 ```json

diff --git a/docker/development/docker-compose.yml b/docker/development/docker-compose.yml
@@ -22,6 +22,10 @@ services:
       - SITMUN_BACKEND_CONFIG_URL=http://sitmun-backend:8080
       - SITMUN_BACKEND_CONFIG_SECRET=your-secret-key-here
 
+      # Capabilities replacements configuration
+      - SITMUN_OGC_CAPABILITIES_SERVICE_PATHS=wms,wfs,wcs,ows
+      # - SITMUN_OGC_CAPABILITIES_EXTRA_SOURCES=http://localhost:3000,http://internal:8080/geoserver
+
       # Actuator Configuration
       - MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,info,metrics
       - MANAGEMENT_ENDPOINT_HEALTH_SHOW_DETAILS=never

diff --git a/src/main/java/org/sitmun/proxy/middleware/config/ProxyMiddlewareConfiguration.java b/src/main/java/org/sitmun/proxy/middleware/config/ProxyMiddlewareConfiguration.java
@@ -1,6 +1,8 @@
 package org.sitmun.proxy.middleware.config;
 
 import java.time.Duration;
+import org.sitmun.proxy.middleware.protocols.wms.WmsCapabilitiesProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,6 +13,7 @@
 import org.springframework.web.filter.ForwardedHeaderFilter;
 
 @Configuration
+@EnableConfigurationProperties(WmsCapabilitiesProperties.class)
 public class ProxyMiddlewareConfiguration {
 
   @Bean

diff --git a/src/main/java/org/sitmun/proxy/middleware/protocols/wms/WmsCapabilitiesProperties.java b/src/main/java/org/sitmun/proxy/middleware/protocols/wms/WmsCapabilitiesProperties.java
@@ -0,0 +1,17 @@
+package org.sitmun.proxy.middleware.protocols.wms;
+
+import java.util.ArrayList;
+import java.util.List;
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@ConfigurationProperties(prefix = "sitmun.ogc.capabilities")
+@Getter
+@Setter
+public class WmsCapabilitiesProperties {
+
+  private List<String> servicePaths = new ArrayList<>(List.of("wms", "wfs", "wcs", "ows"));
+
+  private List<String> extraSources = new ArrayList<>();
+}
diff --git a/...main/java/org/sitmun/proxy/middleware/protocols/wms/WmsCapabilitiesResponseDecorator.java b/...main/java/org/sitmun/proxy/middleware/protocols/wms/WmsCapabilitiesResponseDecorator.java
@@ -1,6 +1,9 @@
 package org.sitmun.proxy.middleware.protocols.wms;
 
 import java.nio.charset.StandardCharsets;
+import java.util.List;
+import java.util.regex.Pattern;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.sitmun.proxy.middleware.decorator.Context;
 import org.sitmun.proxy.middleware.decorator.ResponseDecorator;
@@ -9,8 +12,11 @@
 
 @Component
 @Slf4j
+@RequiredArgsConstructor
 public class WmsCapabilitiesResponseDecorator implements ResponseDecorator {
 
+  private final WmsCapabilitiesProperties properties;
+
   @Override
   public boolean accept(Object target, Context context) {
     if (context instanceof WmsPayloadDto wmsPayloadDto) {
@@ -30,13 +36,47 @@ public void addBehavior(Object response, Context context) {
       RequestExecutorResponseImpl<byte[]> requestExecutionResponseImpl1 =
           (RequestExecutorResponseImpl<byte[]>) response;
       String s = new String(requestExecutionResponseImpl1.getBody(), StandardCharsets.UTF_8);
-      String output =
-          s.replaceAll(wmsPayloadDto.getUri(), requestExecutionResponseImpl1.getBaseUrl());
-      log.info(
-          "Replacement of {} by {} in GetCapabilities response",
-          wmsPayloadDto.getUri(),
-          requestExecutionResponseImpl1.getBaseUrl());
-      requestExecutionResponseImpl1.setBody(output.getBytes(StandardCharsets.UTF_8));
+      String fullUri = wmsPayloadDto.getUri();
+      String baseUri = fullUri.split("\\?")[0];
+
+      log.debug("WMS PAYLOAD FULL URI: {}", fullUri);
+      log.debug("WMS PAYLOAD BASE URI: {}", baseUri);
+      log.debug("REQ EXEC RES URL: {}", requestExecutionResponseImpl1.getBaseUrl());
+
+      String baseUrl = requestExecutionResponseImpl1.getBaseUrl();
+      List<String> servicePaths = properties.getServicePaths();
+      String servicePathSuffixes = String.join("|", servicePaths);
+
+      String servicePath = baseUri.replaceAll("/(?:" + servicePathSuffixes + ")/?$", "");
+      log.info("SERVICE PATH: {}", servicePath);
+      s = replace(s, servicePath, servicePathSuffixes, baseUrl);
+
+      for (String extraSource : properties.getExtraSources()) {
+        String normalizedSource = extraSource.replaceAll("/(?:" + servicePathSuffixes + ")/?$", "");
+        log.info("EXTRA SOURCE: {}", normalizedSource);
+        s = replace(s, normalizedSource, servicePathSuffixes, baseUrl);
+      }
+
+      requestExecutionResponseImpl1.setBody(s.getBytes(StandardCharsets.UTF_8));
+    }
+  }
+
+  /** Replaces all quoted occurrences of {@code source} */
+  private String replace(String content, String source, String servicePathSuffixes, String target) {
+    Pattern pattern =
+        Pattern.compile(
+            "(?<=[\"'])"
+                + Pattern.quote(source)
+                + "(?:/(?:"
+                + servicePathSuffixes
+                + "))?(?=[?\"'\\s]|$)",
+            Pattern.CASE_INSENSITIVE);
+    String result = pattern.matcher(content).replaceAll(target);
+    if (!result.equals(content)) {
+      log.info("Replacement of {} by {} in GetCapabilities response", source, target);
+    } else {
+      log.warn("No replacements of {} by {} were done in GetCapabilities response", source, target);
     }
+    return result;
   }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -10,6 +10,14 @@ sitmun:
     config:
       url: http://some.url
       secret: some-secret
+  ogc:
+    capabilities:
+      service-paths:
+        - wms
+        - wfs
+        - wcs
+        - ows
+      extra-sources: []
 
 # Actuator Configuration
 management: