Current time: 11-26-2020, 10:34 PM Hello There, Guest! (LoginRegister)


Post Reply 
Awstats password protection
Author Message
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #11
RE: Awstats password protection
Good point, BUT there is the next package problem:
Code:
Starting web server (apache2)...Syntax error on line 21 of /etc/apache2/sites-enabled/01_awstats.conf:
DBD: No driver for mysql
failed!

I checked many sites about mod_dbd and it seems that there is no mysql driver as package available for mod_dbd

Can anyone give me a hint ?

Greez BeNe
10-28-2007 03:10 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #12
RE: Awstats password protection
I've created a ticket: AWStats password protection (ticket 837)
11-01-2007 01:42 AM
Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #13
RE: Awstats password protection
yeah you're right - it seems as if the mysql license is not compatible with debian's ...
so they didn't include the mysql driver ... this is bad.

But i saw that in sid there's mod_auth_mysql again - but it did not make it into stable Sad
11-01-2007 02:38 AM
Visit this user's website Find all posts by this user Quote this message in a reply
jmeyerdo Offline
Junior Member
*

Posts: 173
Joined: Oct 2007
Reputation: 2
Post: #14
RE: Awstats password protection
Hi!
Allow me one suggestion, please...

Perhaps you can take into consideration which modules/technologies are compatible with most platforms/distros?!

One example: With CentOS the "mod_fastcgi" is not standard and it takes higher efforts to find an (unofficial) RPM or to compile it manually.

An authentication by .htaccess should be available on nearly all servers - even it might be harder to implement on isp-CP-side.

Kind regards, keep up your good work,
Jens
11-01-2007 05:26 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #15
RE: Awstats password protection
Quote:An authentication by .htaccess should be available on nearly all servers
Of course - .htaccess works, but is not really flexible and dynamic.
I use .htaccess on my Server and i must every single user...
A connect to the db would be very fine here.
Quote:yeah you're right - it seems as if the mysql license is not compatible with debian's ...
so they didn't include the mysql driver ... this is bad.
I found some compiled .deb files of mysql driver but they are damn buggy and apache2 sometimes does not start -> Segment fault...

Greez BeNe
11-01-2007 06:40 AM
Visit this user's website Find all posts by this user Quote this message in a reply
linux-guru Offline
Junior Member
*

Posts: 27
Joined: Jul 2007
Reputation: 0
Post: #16
RE: Awstats password protection
I did a (quite dirty) hack for enabling authentication of stats in static mode.

At first, since mod_auth_mysql is not available on etch and dbd has no mysql-support, the only alternative is libapache2-mod-auth-pam which could be made using libpam-mysql. BUT: libpam-mysql has problems to support md5-password.
So another "hack" is needed. Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373834
When the new package is built, install it, and configure as follows:

1. Install libapache2-mod-auth-pam
Code:
apt-get install libapache2-mod-auth-pam -y

2. Create .htaccess e.g. in /var/www/ispcp/engine/awstats/ with the following content:
Code:
AuthPAM_Enabled on
        AuthPAM_FallThrough off
        AuthType Basic
        AuthName "Restricted area"
        AuthUserFile /dev/null
        AuthBasicAuthoritative Off
        Require valid-user

3. Make /etc/pam.d/apache2 looking like this:
Code:
auth required pam_mysql.so user=root passwd=YOUR_PASS host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=admin_pass crypt=3
account required pam_mysql.so user=root passwd=YOUR_PASS host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=admin_pass crypt=3
#@include common-auth
#@include common-account

4. Edit /var/www/ispcp/engine/ispcp-dmn-mngr
after (currently lines 1911-1921)
Code:
if ($main::cfg{'AWSTATS_ACTIVE'} eq 'yes' && $main::cfg{'AWSTATS_MODE'} eq 1) {
                if (! -d "$www_dir/$dmn_name/statistics") {
                    $rs = make_dir(
                                    "$www_dir/$dmn_name/statistics",
                                    $sys_user,
                                    $sys_group,
                                    0755
                                    );

                return $rs if ($rs != 0);
        }
insert
Code:
if (! -e "$www_dir/$dmn_name/statistics/.htaccess") {

                $rs = sys_command("$main::cfg{'CMD_CP'} -p $root_dir/engine/awstats/.htaccess $www_dir/$dmn_name/statistics/");
                return $rs if ($rs != 0);
                $rs = setfmode("$www_dir/$dmn_name/statistics/.htaccess", $sys_user, $sys_group, 0644);
                return $rs if ($rs != 0);
            }
and the same again after
Code:
if ($main::cfg{'AWSTATS_ACTIVE'} eq 'yes' && $main::cfg{'AWSTATS_MODE'} eq 1) {
                if (! -d "$www_dir/$dmn_name/statistics") {
                    $rs = make_dir(
                                    "$www_dir/$dmn_name/statistics",
                                    $sys_user,
                                    $sys_group,
                                    0755
                                    );

                return $rs if ($rs != 0);
        }
(currently lines 2347-2357)

5. Tell ispcp that there are changes which are needed to be processed.
Code:
mysql -u root -p<password>
mysql>USE ispcp
mysql>UPDATE domain SET domain_status = 'change' WHERE domain_status = 'ok';
mysql>quit

6. Run the update
Code:
/var/www/ispcp/engine/ispcp-rqst-mngr

Now your users have protected stats which can only be seen through authentication with their ispcp-admin-login and the corresponding password.

Note: If one knows another hosting on this machine, he/she it is able to see the other users stats while entering his own credentials!

Feedback is welcome! :-)
(This post was last modified: 12-23-2007 04:04 AM by linux-guru.)
12-23-2007 02:25 AM
Find all posts by this user Quote this message in a reply
Mike Offline


Posts: 2
Joined: Feb 2007
Reputation: 0
Post: #17
RE: Awstats password protection
Another Method would be over PHP-CURL... so we would be able to check the siteconfig with the user (from DB)...

PHP Code:
    header('WWW-Authenticate: Basic realm="Domain Statistics"');
    
header('HTTP/1.0 401 Unauthorized');
    echo 
'Authorization Required.';
    exit; 
(This post was last modified: 12-26-2007 07:36 AM by Mike.)
12-26-2007 07:35 AM
Find all posts by this user Quote this message in a reply
divion Offline


Posts: 3
Joined: Jan 2008
Reputation: 0
Post: #18
RE: Awstats password protection
Happy to see you all here working with a non dieing version of VHCS.

To add my help to this section ( havent tested ispcp yet (dont blame me i found it today) ) i was working with 2 scripts that were updating the stats, making new conf files and copying stats to users dir for backup.

If any of this would be helpfull to anyone send me a msg to post them.
Not to mention ( Debian 3.1 (Not updated this either))
01-09-2008 03:21 PM
Find all posts by this user Quote this message in a reply
NoFutureKid Offline
Junior Member
*

Posts: 16
Joined: May 2007
Reputation: 0
Post: #19
RE: Awstats password protection
What about mod_authn_dbi (http://mod-auth.sourceforge.net)?
01-23-2008 04:06 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #20
RE: Awstats password protection
Never heard about it Rolleyes
Maybe you can try to get it running ?

I use a dirty workaround with a .htaccess in the Apache Awstats Directive.
But it works...

Greez BeNe
01-23-2008 05:50 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)