[HowTo]My solution to password protect AWStats

[HowTo]My solution to password protect AWStats - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Howtos (/forum-41.html)
+--- Thread: [HowTo]My solution to password protect AWStats (/thread-3356.html)

[HowTo]My solution to password protect AWStats - Blondak - 05-23-2008 06:49 PM

Requirements

pam_mysql
mod_auth_pam ( http://pam.sourceforge.net/mod_auth_pam/download.html optional with Patch for setting service name and caching authentication )

Setup database
because pam_mysql in current version does not support MD5 you must edit table admin

Code:

ALTER TABLE admin ADD apache_pass VARCHAR(41);

or you can create own table, but than you must update pam config file to match this table.Then set passwords using mysql PASSWORD function (can we change MD5 password to PASSWORD encrypted ones?). I suggest create user as above.

Code:

GRANT SELECT ON ispcp.admin TO XXX@"localhost" IDENTIFIED BY "YYY";FLUSH PRIVILEGES;

this will create user that can only read ispcp.admin

Configure PAM
create config file for pam, if have mod_auth_pam with path for setting service name create file /etc/pam.d/apache-awstats otherwise /etc/pam.d/apache2

Code:

auth    required pam_mysql.so user=XXX passwd=YYY host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=apache_pass crypt=mysql

account required pam_mysql.so user=XXX passwd=YYY host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=apache_pass crypt=mysql

change permissions

Code:

chmod 640 /etc/pam.d/apache-awstats

chown root.www-data /etc/pam.d/apache-awstats

Update /etc/apache2/sites-available/01_awstats.conf
update /etc/apache2/sites-available/01_awstats.conf

Code:

<Directory /usr/lib/cgi-bin>

#add this : begin

        AuthPAM_Enabled on

        AuthPAM_FallThrough off

#next line only with service-name patch

    AuthPAM_ServiceName apache-awstats

        AuthType Basic

        AuthName "AWStats"

        AuthUserFile /dev/null

        AuthBasicAuthoritative Off

        Require valid-user

#add this : end

    AllowOverride none

        Options +ExecCGI

        DirectoryIndex awstats.pl

        Order allow,deny

        Allow from all

    </Directory>

Update AWStats config
next you must update awstats config files

Code:

AllowAccessFromWebToAuthenticatedUsersOnly=1

AllowAccessFromWebToFollowingAuthenticatedUsers="__USERNAMES_WITH_ACCESS__" #(probably domain name)

Done
restart apache and passwords should work Wink

My tips for awstats
i have create file /etc/awstats/support/awstats.common.conf with common configuration for all domain
i update /etc/ispcp/awstats/awstats.ispcp_tpl.conf to following

Code:

Include "/etc/awstats/support/awstats.common.conf"

LogFile="{APACHE_LOG_DIR}/{DOMAIN_NAME}-combined.log"

SiteDomain="{DOMAIN_NAME}"

HostAliases="www.{DOMAIN_NAME} REGEX[^.*\.{DOMAIN_NAME}$]"

AllowAccessFromWebToAuthenticatedUsersOnly=1

AllowAccessFromWebToFollowingAuthenticatedUsers="{DOMAIN_NAME} admin"

reason of this is, when i want etc. add new module I can do it in one file and i don't need to change each file.

I hope that I don't forgot something.

With Regards Blonďák