Current time: 11-27-2024, 01:02 PM Hello There, Guest! (LoginRegister)


Post Reply 
Awstats password protection
Author Message
Eminos Offline
Junior Member
*

Posts: 159
Joined: Jan 2007
Reputation: 0
Post: #41
RE: Awstats password protection
Cube Wrote:I have not tested this yet, but I think it is still necessary to modify the awstats-configs (AllowAccessFromWebToAuthenticatedUsersOnly / AllowAccessFromWebToFollowingAuthenticatedUsers) to avoid that the users can access their stats one another.

True. I have done this, and it works great Smile

/E
06-16-2008 04:01 AM
Find all posts by this user Quote this message in a reply
momo Offline
Junior Member
*

Posts: 148
Joined: Jun 2008
Reputation: 1
Post: #42
RE: Awstats password protection
@rycardo
Thanks a lot, works great
@cube
Exactly what I was looking for


The awstats-configs for all domain is
/etc/ispcp/awstats/awstats.ispcp_tpl.conf

Code:
AllowAccessFromWebToAuthenticatedUsersOnly=1

If you set :
Code:
AllowAccessFromWebToFollowingAuthenticatedUsers=""
All known users can access other domain stats

So you must define AllowAccessFromWebToFollowingAuthenticatedUsers for every domain. These config files location is :
Code:
/etc/awstats

Now, everytime you will "regenerate" ispcp, these config files will be overwritten by
Code:
/etc/ispcp/awstats/awstats.ispcp_tpl.conf
So you will need to change once more all config files 1 by 1, which is annoying and time consuming.

To avoid that, I would like to make regeneration skip awstats config

Any ideas ?
(This post was last modified: 06-17-2008 02:59 AM by momo.)
06-17-2008 02:26 AM
Find all posts by this user Quote this message in a reply
Eminos Offline
Junior Member
*

Posts: 159
Joined: Jan 2007
Reputation: 0
Post: #43
RE: Awstats password protection
Why don't you just change that awstats ispcp template (/etc/ispcp/awstats/awstats.ispcp_tpl.conf), so that the domain is set from the variable for all new or regenerated domains.

That works for me.

/E
(This post was last modified: 06-17-2008 03:30 AM by Eminos.)
06-17-2008 03:29 AM
Find all posts by this user Quote this message in a reply
momo Offline
Junior Member
*

Posts: 148
Joined: Jun 2008
Reputation: 1
Post: #44
RE: Awstats password protection
When I put
Code:
AllowAccessFromWebToFollowingAuthenticatedUsers = "user1 user2"

user2 will successfully log into

http://www.user1.com/stats/ and http://www.user2.com/stats/

and vice-versa
(This post was last modified: 06-17-2008 04:47 AM by momo.)
06-17-2008 04:46 AM
Find all posts by this user Quote this message in a reply
Eminos Offline
Junior Member
*

Posts: 159
Joined: Jan 2007
Reputation: 0
Post: #45
RE: Awstats password protection
momo Wrote:When I put
Code:
AllowAccessFromWebToFollowingAuthenticatedUsers = "user1 user2"

user2 will successfully log into

http://www.user1.com/stats/ and http://www.user2.com/stats/

and vice-versa

You should only add ONE domain (user1). In the template file you can use the variable {DOMAIN_NAME} to set the correct domain name/user.

/E
06-17-2008 04:50 AM
Find all posts by this user Quote this message in a reply
momo Offline
Junior Member
*

Posts: 148
Joined: Jun 2008
Reputation: 1
Post: #46
RE: Awstats password protection
Hmmm that makes a lot of sense Smile
and it is working perfectly!

Thank you
(This post was last modified: 06-17-2008 05:05 AM by momo.)
06-17-2008 05:01 AM
Find all posts by this user Quote this message in a reply
memic Offline
Newbie
*

Posts: 6
Joined: Jun 2008
Reputation: 0
Post: #47
RE: Awstats password protection
i wrote a little script to create a htpasswd file for awstats access,
my Apache Directory in /etc/apache2/sites-enabled/01_awstats.conf looks like this:

<Directory /usr/lib/cgi-bin>
Options +ExecCGI
DirectoryIndex awstats.pl
Order allow,deny
Allow from all

AuthType Basic
AuthName "AWStats"
AuthUserFile /etc/apache2/awstatsusers
Require valid-user <- no users needed here since this is done in the awstats config files
</Directory>

I changed the template /etc/ispcp/awstats/awstats.ispcp_tpl.conf, the same way i have seen this in post before:

AllowAccessFromWebToAuthenticatedUsersOnly="1"
AllowAccessFromWebToFollowingAuthenticatedUsers="{DOMAIN_NAME}"

My first idea was to use the md5 sums from the admin table
to create the htpasswd file, but there is the problem that
md5sum which htpasswd creates are salted, so there is no
way to use the existing hashes for authentication.

Here is the script, it does the job of creating a password
for every domain in the /etc/apache2/awstatsusers file.
Attention the file /etc/apache2/awstatsusers gets deleted every
time, and new passwords are generated.
Fell free to edit/copy do whatever..

#!/usr/bin/perl -w

use DBI;

my $dbh = DBI->connect('dbi:mysql:ispcp:localhost:3306','root','yourpassword',{ RaiseError => 1, AutoCommit => 1});

my $sql = qq{select admin_name from admin;};
my $sth = $dbh->prepare($sql);
$sth->execute();

my $mypass="";
unlink ("/etc/apache2/awstatsusers");
system ("touch /etc/apache2/awstatsusers");
while(@ergebnis=$sth->fetchrow_array)
{

$mypass=randomPassword();
print $ergebnis[0], ":", $mypass, "\n";

system "htpasswd -mb /etc/apache2/awstatsusers $ergebnis[0] $mypass &> /dev/null";
}
sub randomPassword {
my $password;
my $_rand;

my $password_length = $_[0];
if (!$password_length) {
$password_length = 10;
}

my @chars = split(" ", "a b c d e f g h i j k l m n o
p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9");

srand;

for (my $i=0; $i <= $password_length ;$i++) {
$_rand = int(rand 36);
$password .= $chars[$_rand];
}

return $password;
}

---------

maybe a new table for the awstats user should be added, with
the possibilty to change the the password via webinterface, as
default password the login password for the domain.

memic
06-22-2008 08:11 AM
Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #48
RE: Awstats password protection
I started implementing the password protection. I guess it will on the path Cube used...
08-09-2008 07:39 PM
Visit this user's website Find all posts by this user Quote this message in a reply
obey Offline
Junior Member
*

Posts: 18
Joined: Jun 2008
Reputation: 0
Post: #49
RE: Awstats password protection
i have implemented a custom script incl. button to update the file created by memic's script.

i had to make a few changes so ispcp was able to fetch the file over php, regarding a open basedir restriction. What i changed was the path to the awstatsusers file. i put it in /var/www/ispcp/gui/include/awstatsusers . that worked for me Smile

i have implemented the solution on a debian etch ispcp rc5 and on a CentOS5 with ispcp rc4.

also i will write a full howto soon, but i'm going on vacation in a week and i have a looong todo list before that, so i've got not much time to finish this.
nevertheless i attached the relevant files :
- /var/www/ispcp/gui/client/protected_awstats.php
- /var/www/ispcp/gui/themes/omega_original/client/protected_awstats.tpl (damn, the forum won't pick that one up?)

pls feel free to pm or email me for a short description.

greetz
obey!
.php  protected_awstats.php (Size: 4.88 KB / Downloads: 30)
(This post was last modified: 08-12-2008 07:21 PM by obey.)
08-12-2008 07:18 PM
Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #50
RE: Awstats password protection
zip it and attach it or open a ticket. Thank you so much!
08-13-2008 05:31 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)