Awstats password protection
NoFutureKid
Junior Member
*


Posts: 16
Group: Registered
Joined: May 2007
Status: Offline
Reputation: 0
Post: #21
RE: Awstats password protection

I can't get it to compile. I think it's only up to Apache 2.0, but I'm not sure.

@BeNe: Perhaps you can tell me more about your dirty hack Big Grin

01-23-2008 08:38 PM
BeNe
Moderator
*****


Posts: 2,557
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 35
Post: #22
RE: Awstats password protection

Yes, of course. I modified my /etc/apache2/sites-enabled/01_awstats.conf like this:

Code:
#
# AWStats Begin
#

Alias /awstatsicons "/usr/share/awstats/icon/"


NameVirtualHost 127.0.0.1:80

<VirtualHost 127.0.0.1:80>

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule ^/stats/(.+)/$ http://localhost/awstats/?config=$1 [P]
        RewriteRule ^/stats/(.+)/awstats.pl(.*)$ http://localhost/awstats/$2 [P]
    </IfModule>

    ScriptAlias /awstats "/usr/lib/cgi-bin/awstats.pl"

    <Directory /usr/lib/cgi-bin>
        Options +ExecCGI
        DirectoryIndex awstats.pl
        Order allow,deny
        Allow from all

        AuthType Basic
        AuthName "AWStats"
        # Could be a path...
        AuthUserFile /var/www/virtual/.htpasswd
        # USERs
        Require user User1 User 2 ....
    </Directory>

</VirtualHost>

#
# AWStats End
#


Greez BeNe




:: ispCP Omega RC5 Live Demo - r1267 (19.05.08) --> http://www.isp-control.net/forum/ispcp-o...ml#pid2169 <--
01-24-2008 12:12 AM
BioALIEN
Junior Member
**
Graph Team

Posts: 209
Group: Graph Team
Joined: Feb 2007
Status: Offline
Reputation: 0
Post: #23
RE: Awstats password protection

BeNe, I think your dirty hack deserves a place in the DocuWiki with a nice step by step so we can all copy Wink

From the code above, I see you've added users, but no mention of how to do the password side of things for these users.


BioALIEN
OS: Debian 4.0 Etch
ispCP Build: RC3 r953 - 28.12.07
Mods: AWStats dynamic
01-24-2008 12:27 AM
NoFutureKid
Junior Member
*


Posts: 16
Group: Registered
Joined: May 2007
Status: Offline
Reputation: 0
Post: #24
RE: Awstats password protection

Ahh, sorry. I thought you had a hack for auth against mysql Sad
The way you did it I already know.

01-24-2008 06:07 AM
BeNe
Moderator
*****


Posts: 2,557
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 35
Post: #25
RE: Awstats password protection

Quote:
BeNe, I think your dirty hack deserves a place in the DocuWiki with a nice step by step so we can all copy

Well, this is only a dirty workaround - but why not.

Quote:
Ahh, sorry. I thought you have a hack for auth against mysql

No! I am also searching for a solution with mysql which we can use later out of the box.

Greez BeNe




01-24-2008 06:10 AM
Cube
Documentation Team
***
Docu Team

Posts: 505
Group: Docu Team
Joined: Apr 2007
Status: Offline
Reputation: 6
Post: #26
RE: Awstats password protection

I once again thought about realising the password protection and would like to hear your opinion about yet another possible solution.

We should start using our own AWStats like we do with the other tools too. We would have a more up-to-date version which generates better stats. New versions are released very rarely and there are not many security updates like in PMA, so there should not be much more work with that.
We put AWStats into the tools-directory (some files perhaps somewhere else) and protect it with an htaccess-file (require valid-user). We also modify the config-template, so that AllowAccessFromWebToAuthenticatedUsersOnly and AllowAccessFromWebToFollowingAuthenticatedUsers are set correctly. Until now there is not much work. Now we have to modify ispcp-dmn-mngr so that the login-data of a new user will be written into a htpasswd-file. Accordingly they should be deleted if you delete the user and modified if you change the password. Big parts of ispcp-htuser-mngr can probably be used for this.
In a further step we could extend the GUI, so that the users can set a separate password for AWStats.
Unfortunately I don't understand enough Perl to realise this.

Another interesting possibility was the script from Jan, but regrettably the thread is broken and he did not respond to my mail to post it again.

02-19-2008 10:22 AM
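One way the htpasswd bookkeeping proposed in the post above (write an entry for a new user, change it on a password change, remove it on delete) could look. This is an added example, not part of the thread and not ispCP code; the `sync_htpasswd` name, the username rule and the 0640 mode are assumptions, and the hash is expected to be computed elsewhere.

```perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile tempdir);

# Hypothetical helper (not ispCP code): set or delete one user in an htpasswd
# file. $hash is an already-computed password hash, e.g. the part after the
# colon printed by `htpasswd -nB user`; pass undef to delete the user.
sub sync_htpasswd {
    my ($file, $user, $hash) = @_;
    # A ':' or line break in either field would inject extra entries.
    die "bad username\n"
        unless defined $user && $user =~ /\A[A-Za-z0-9._@-]{1,64}\z/;
    die "bad hash\n" if defined $hash && $hash !~ /\A[^\s:]+\z/;

    my @lines;
    if (open my $in, '<', $file) {
        while (my $line = <$in>) {
            chomp $line;
            next if $line eq '';
            my ($name) = split /:/, $line, 2;
            push @lines, $line unless $name eq $user;   # drop the old entry
        }
        close $in;
    } elsif (-e $file) {
        die "cannot read $file\n";    # never rebuild from an unreadable file
    }
    push @lines, "$user:$hash" if defined $hash;

    # Write a temp file in the same directory, then rename it over the
    # original so Apache never reads a half-written file.
    my ($out, $tmp) = tempfile('.htpasswd.XXXXXX', DIR => dirname($file));
    print {$out} "$_\n" for @lines;
    close $out or die "close $tmp: $!\n";
    chmod 0640, $tmp or die "chmod $tmp: $!\n";   # assumed: Apache reads via group
    rename $tmp, $file or die "rename $tmp: $!\n";
    return scalar @lines;    # number of users now in the file
}

# Demo on a scratch file; the hash strings are constructed placeholders.
unless (caller) {
    my $f = tempdir(CLEANUP => 1) . '/htpasswd';
    sync_htpasswd($f, 'alice', '$2y$05$CONSTRUCTED.HASH.A');   # new user
    sync_htpasswd($f, 'alice', '$2y$05$CONSTRUCTED.HASH.B');   # password change
    sync_htpasswd($f, 'bob',   '$2y$05$CONSTRUCTED.HASH.C');
    print "users after delete: ", sync_htpasswd($f, 'bob', undef), "\n";
    print "newline in username rejected\n"
        unless eval { sync_htpasswd($f, "eve\nroot", 'x'); 1 };
}
```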
Kwik
Junior Member
*


Posts: 33
Group: Registered
Joined: May 2007
Status: Offline
Reputation: 0
Post: #27
RE: Awstats password protection

Just want to mention that a password protection is a MUST HAVE, please, please. I will use BeNe's workaround meanwhile. ^^

02-22-2008 07:03 PM
schultzconsult
Newbie
*


Posts: 7
Group: Registered
Joined: Sep 2007
Status: Offline
Reputation: 0
Post: #28
RE: Awstats password protection

Kwik Wrote:
Just want to mention that a password protection is a MUST HAVE, please, please. I will use BeNe's workaround meanwhile. ^^


What about using a combination of perl and htaccess?

If someone may enhance this script, it might be a solution. http://perl.apache.org/docs/1.0/guide/se...e_snippets

Inserted into a .htaccess file:

Code:
PerlModule My::Auth

<Location /private>
    PerlAccessHandler My::Auth::access_handler
    PerlSetVar Intranet "10.10.10.1 => userA, 10.10.10.2 => userB"
    PerlAuthenHandler My::Auth::authen_handler
    AuthName realm
    AuthType Basic
    Require valid-user
    Order deny,allow
    Deny from all
</Location>

Now the code of My/Auth.pm:

Code:
package My::Auth;

use strict;
use Apache::Constants qw(:common);   # OK, FORBIDDEN, AUTH_REQUIRED (mod_perl 1.0)

# Access phase: map known intranet IPs to a user and skip the password prompt.
sub access_handler {

    my $r = shift;

    unless ($r->some_auth_required) {
        $r->log_reason("No authentication has been configured");
        return FORBIDDEN;
    }
    # get list of IP addresses
    my %ips = split /\s*(?:=>|,)\s*/, $r->dir_config("Intranet");

    if (my $user = $ips{$r->connection->remote_ip}) {

        # update connection record
        $r->connection->user($user);

        # do not ask for a password
        $r->set_handlers(PerlAuthenHandler => [\&OK]);
    }
    return OK;
}

# Authentication phase: check the Basic auth credentials.
sub authen_handler {

    my $r = shift;

    # get user's authentication credentials
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != OK;
    my $user = $r->connection->user;

    # authenticate through DBI
    my $reason = authen_dbi($r, $user, $sent_pw);

    if ($reason) {
        $r->note_basic_auth_failure;
        $r->log_reason($reason, $r->uri);
        return AUTH_REQUIRED;
    }
    return OK;
}

# Returns 0 on success or a reason string on failure.
sub authen_dbi {
    my ($r, $user, $sent_pw) = @_;

    # validate username/passwd
    my $passed = 0;   # placeholder: replace with real code!!!

    return 0 if $passed;

    return "Failed for X reason";
}
# don't forget 1;
1;

04-14-2008 11:48 PM
BeNe
Moderator
*****


Posts: 2,557
Group: Moderators
Joined: Jan 2007
Status: Offline
Reputation: 35
Post: #29
RE: Awstats password protection

If this works - why not?
We should try it Smile

Greez BeNe




04-16-2008 05:25 PM
ephigenie
Administrator
*******
Administrators

Posts: 570
Group: Administrators
Joined: Oct 2006
Status: Offline
Reputation: 9
Post: #30
RE: Awstats password protection

yeah but this only works with enabled mod_perl ... and mod_perl with mpm-worker is currently not supported...
Although there're approaches / patches to make it run ... but this should be considered unstable.

04-16-2008 08:04 PM