It works! It was quite easy to make awstat (or anything else) authenticate users using mysql. For those who are looking for a quick solution, here it is:
1. You need mod_authnz_external (Apache 2.2) or mod_auth_external (Apache <2.1) from
http://unixpapa.com/mod_auth_external.html
2. You need a tiny perl script to perform the query and the test, feel free to get mine from
http://www.2go.ge/mysql-auth.tar.gz and extract it into /usr/share/awstats/wwwroot/cgi-bin/
3. Edit this script /usr/share/awstats/wwwroot/cgi-bin/mysql-auth.pl and put in your mysql username and password which has read access to the ispcp.admin table
3. Edit your domain's awstats files in /etc/awstats/awstats.yourdomain.conf and replace
AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers="yourdomain"
4. Edit the awstats template /etc/ispcp/awstats/awstats.ispcp_tpl.conf and replace
AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers="{DOMAIN_NAME}"
5. Edit the awstats apache conf /etc/httpd/vhosts/01_awstats.conf and add
<Directory /usr/share/awstats>
AllowOverride none
Options ExecCGI FollowSymLinks
Order allow,deny
Allow from all
AuthType Basic
AuthName "Authentication required"
AuthBasicProvider external
AuthExternal mysql-auth
Require valid-user
</Directory>
AddExternalAuth mysql-auth /usr/share/awstats/wwwroot/cgi-bin/mysql-auth.pl
SetExternalAuthMethod mysql-auth.pl pipe
Restart apache and enjoy password protected awstats. Note: I observed that mod_auth_mysql is slightly faster than mod_authnz_external, but _external is more stable, allows to run scripts in root while apache runs suexec and even if your db-script crashes it won't make apache crash as well. For me it works so well that I decided to replaced the default ISPCP login with this solution. Attacker won't even notice that there is ISPCP on the server...
Search
Member List
Calendar
Help
RE: Awstats password protection 
