+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Suggestions (/forum-2.html)
+--- Thread: Awstats password protection (/thread-1562.html)
RE: Awstats password protection - Eminos - 06-16-2008 04:01 AM
Cube Wrote:I have not tested this yet, but I think it is still necessary to modify the awstats-configs (AllowAccessFromWebToAuthenticatedUsersOnly / AllowAccessFromWebToFollowingAuthenticatedUsers) to avoid that the users can access their stats one another.
True. I have done this, and it works great
/E
RE: Awstats password protection - momo - 06-17-2008 02:26 AM
@rycardo
Thanks a lot, works great
@cube
Exactly what I was looking for
The awstats-configs for all domain is
/etc/ispcp/awstats/awstats.ispcp_tpl.conf
Code:
AllowAccessFromWebToAuthenticatedUsersOnly=1If you set :
Code:
AllowAccessFromWebToFollowingAuthenticatedUsers=""So you must define AllowAccessFromWebToFollowingAuthenticatedUsers for every domain. These config files location is :
Code:
/etc/awstatsNow, everytime you will "regenerate" ispcp, these config files will be overwritten by
Code:
/etc/ispcp/awstats/awstats.ispcp_tpl.confTo avoid that, I would like to make regeneration skip awstats config
Any ideas ?
RE: Awstats password protection - Eminos - 06-17-2008 03:29 AM
Why don't you just change that awstats ispcp template (/etc/ispcp/awstats/awstats.ispcp_tpl.conf), so that the domain is set from the variable for all new or regenerated domains.
That works for me.
/E
RE: Awstats password protection - momo - 06-17-2008 04:46 AM
When I put
Code:
AllowAccessFromWebToFollowingAuthenticatedUsers = "user1 user2"user2 will successfully log into
http://www.user1.com/stats/ and http://www.user2.com/stats/
and vice-versa
RE: Awstats password protection - Eminos - 06-17-2008 04:50 AM
momo Wrote:When I put
Code:
AllowAccessFromWebToFollowingAuthenticatedUsers = "user1 user2"
user2 will successfully log into
http://www.user1.com/stats/ and http://www.user2.com/stats/
and vice-versa
You should only add ONE domain (user1). In the template file you can use the variable {DOMAIN_NAME} to set the correct domain name/user.
/E
RE: Awstats password protection - momo - 06-17-2008 05:01 AM
Hmmm that makes a lot of sense
and it is working perfectly!
Thank you
RE: Awstats password protection - memic - 06-22-2008 08:11 AM
i wrote a little script to create a htpasswd file for awstats access,
my Apache Directory in /etc/apache2/sites-enabled/01_awstats.conf looks like this:
<Directory /usr/lib/cgi-bin>
Options +ExecCGI
DirectoryIndex awstats.pl
Order allow,deny
Allow from all
AuthType Basic
AuthName "AWStats"
AuthUserFile /etc/apache2/awstatsusers
Require valid-user <- no users needed here since this is done in the awstats config files
</Directory>
I changed the template /etc/ispcp/awstats/awstats.ispcp_tpl.conf, the same way i have seen this in post before:
AllowAccessFromWebToAuthenticatedUsersOnly="1"
AllowAccessFromWebToFollowingAuthenticatedUsers="{DOMAIN_NAME}"
My first idea was to use the md5 sums from the admin table
to create the htpasswd file, but there is the problem that
md5sum which htpasswd creates are salted, so there is no
way to use the existing hashes for authentication.
Here is the script, it does the job of creating a password
for every domain in the /etc/apache2/awstatsusers file.
Attention the file /etc/apache2/awstatsusers gets deleted every
time, and new passwords are generated.
Fell free to edit/copy do whatever..
#!/usr/bin/perl -w
use DBI;
my $dbh = DBI->connect('dbi:mysql:ispcp:localhost:3306','root','yourpassword',{ RaiseError => 1, AutoCommit => 1});
my $sql = qq{select admin_name from admin;};
my $sth = $dbh->prepare($sql);
$sth->execute();
my $mypass="";
unlink ("/etc/apache2/awstatsusers");
system ("touch /etc/apache2/awstatsusers");
while(@ergebnis=$sth->fetchrow_array)
{
$mypass=randomPassword();
print $ergebnis[0], ":", $mypass, "\n";
system "htpasswd -mb /etc/apache2/awstatsusers $ergebnis[0] $mypass &> /dev/null";
}
sub randomPassword {
my $password;
my $_rand;
my $password_length = $_[0];
if (!$password_length) {
$password_length = 10;
}
my @chars = split(" ", "a b c d e f g h i j k l m n o
p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9");
srand;
for (my $i=0; $i <= $password_length ;$i++) {
$_rand = int(rand 36);
$password .= $chars[$_rand];
}
return $password;
}
---------
maybe a new table for the awstats user should be added, with
the possibilty to change the the password via webinterface, as
default password the login password for the domain.
memic
RE: Awstats password protection - RatS - 08-09-2008 07:39 PM
I started implementing the password protection. I guess it will on the path Cube used...
RE: Awstats password protection - obey - 08-12-2008 07:18 PM
i have implemented a custom script incl. button to update the file created by memic's script.
i had to make a few changes so ispcp was able to fetch the file over php, regarding a open basedir restriction. What i changed was the path to the awstatsusers file. i put it in /var/www/ispcp/gui/include/awstatsusers . that worked for me
i have implemented the solution on a debian etch ispcp rc5 and on a CentOS5 with ispcp rc4.
also i will write a full howto soon, but i'm going on vacation in a week and i have a looong todo list before that, so i've got not much time to finish this.
nevertheless i attached the relevant files :
- /var/www/ispcp/gui/client/protected_awstats.php
- /var/www/ispcp/gui/themes/omega_original/client/protected_awstats.tpl (damn, the forum won't pick that one up?)
pls feel free to pm or email me for a short description.
greetz
obey![attachment=424]
RE: Awstats password protection - RatS - 08-13-2008 05:31 AM
zip it and attach it or open a ticket. Thank you so much!