Current time: 11-26-2020, 06:47 PM Hello There, Guest! (LoginRegister)


Post Reply 
Awstats password protection
Author Message
NoFutureKid Offline
Junior Member
*

Posts: 16
Joined: May 2007
Reputation: 0
Post: #21
RE: Awstats password protection
I don't get it to compile. I think it's only up to Apache 2.0, but i'm not sure.

@BeNe: Perhaps you can tell me more about your dirty hack Big Grin
01-23-2008 08:38 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #22
RE: Awstats password protection
Yes, of course. i modified my /etc/apache2/sites-enabled/01_awstats.conf like this

Code:
#
# AWStats Begin
#

Alias /awstatsicons "/usr/share/awstats/icon/"


NameVirtualHost 127.0.0.1:80

<VirtualHost 127.0.0.1:80>

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule ^/stats/(.+)/$ http://localhost/awstats/?config=$1 [P]
        RewriteRule ^/stats/(.+)/awstats.pl(.*)$ http://localhost/awstats/$2 [P]
    </IfModule>

    ScriptAlias /awstats "/usr/lib/cgi-bin/awstats.pl"

<Directory /usr/lib/cgi-bin>
        Options +ExecCGI
        DirectoryIndex awstats.pl
        Order allow,deny
        Allow from all

        AuthType Basic
        AuthName "AWStats"
        AuthUserFile /var/www/virtual/.htpasswd <- Could be a path...
        Require user User1 User 2 .... <- USERs
    </Directory>

</VirtualHost>

#
# AWStats End
#

Greez BeNe
01-24-2008 12:12 AM
Visit this user's website Find all posts by this user Quote this message in a reply
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #23
RE: Awstats password protection
BeNe, I think your dirty hack deserves a place in the DocuWiki with a nice step by step so we can all copy Wink

From the code above, I see you've added users, but no mention of how to do the password side of things for these users.
01-24-2008 12:27 AM
Find all posts by this user Quote this message in a reply
NoFutureKid Offline
Junior Member
*

Posts: 16
Joined: May 2007
Reputation: 0
Post: #24
RE: Awstats password protection
Ahh, sorry. I thought you have a hack for auth against mysql Sad
The way you did i already know.
01-24-2008 06:07 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #25
RE: Awstats password protection
Quote:BeNe, I think your dirty hack deserves a place in the DocuWiki with a nice step by step so we can all copy
Well, this is only a dirty workaround - but why not.
Quote:Ahh, sorry. I thought you have a hack for auth against mysql
No! I search also for a solution with mysql which we can use later out of the box.

Greez BeNe
01-24-2008 06:10 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #26
RE: Awstats password protection
I once again thought about realising the password protection and would like to hear your opinion about yet another possible solution.

We should start using our own AWStats like we do with the other tools too. We would have a more up-to-date version which generates better stats. New versions there are very rarely and there are not much security updates like in PMA, so there should not be much more work with that.
We put AWStats into the tools-directory (some files perhaps somewhere else) and protected it with a htaccess-file (require valid-user). We also modify the config-template, so that AllowAccessFromWebToAuthenticatedUsersOnly and AllowAccessFromWebToFollowingAuthenticatedUsers are set correctly. Until now there is not much work. Now we have to modify ispcp-dmn-mngr so that the login-data of a new user will be written into a htpasswd-file. Accordingly they should be deleted if you delete the user and modified if you change the password. Probably for this big parts from ispcp-htuser-mngr can be used.
In a further step we could extend the GUI, so that the users can set a separate password for AWStats.
Unfortunately I don't understand enough Perl to realise this.

Another interesting possibility was the script from Jan, but regrettably the thread is broken and he did not respond to my mail to post it again.
02-19-2008 10:22 AM
Find all posts by this user Quote this message in a reply
Kwik Offline
Junior Member
*

Posts: 41
Joined: May 2007
Reputation: 0
Post: #27
RE: Awstats password protection
Just want to mention that a password protection is a MUST HAVE, please, please. I will use BeNes workaround meanwhile. ^^
02-22-2008 07:03 PM
Find all posts by this user Quote this message in a reply
schultzconsult Offline
Newbie
*

Posts: 7
Joined: Sep 2007
Reputation: 0
Post: #28
RE: Awstats password protection
Kwik Wrote:Just want to mention that a password protection is a MUST HAVE, please, please. I will use BeNes workaround meanwhile. ^^

What about using a combination of perl and htaccess?

If someone may enhance this script, it might be a solution. http://perl.apache.org/docs/1.0/guide/se...e_snippets

inserted into a .htaccess file
Code:
PerlModule My::Auth
  
  <Location /private>
    PerlAccessHandler My::Auth::access_handler
    PerlSetVar Intranet "10.10.10.1 => userA, 10.10.10.2 => userB"
    PerlAuthenHandler My::Auth::authen_handler
    AuthName realm
    AuthType Basic
    Require valid-user
    Order deny, allow
    Deny from all
  </Location>
Now the code of My/Auth.pm:
Code:
sub access_handler {
  
        my $r = shift;
  
        unless ($r->some_auth_required) {
                $r->log_reason("No authentication has been configured");
                return FORBIDDEN;
        }
        # get list of IP addresses
        my %ips = split /\s*(?:=>|,)\s*/, $r->dir_config("Intranet");
  
        if (my $user = $ips{$r->connection->remote_ip}) {
  
                # update connection record
                $r->connection->user($user);
  
                # do not ask for a password
                $r->set_handlers(PerlAuthenHandler => [\&OK]);
        }
        return OK;
    }
    
    sub authen_handler {
  
        my $r = shift;
  
        # get user's authentication credentials
        my ($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;
        my $user = $r->connection->user;
  
        # authenticate through DBI
        my $reason = authen_dbi($r, $user, $sent_pw);
  
        if ($reason) {
                $r->note_basic_auth_failure;
                $r->log_reason($reason, $r->uri);
                return AUTH_REQUIRED;
        }
        return OK;
    }
    
    sub authen_dbi{
      my ($r, $user, $sent_pw) = @_;
  
      # validate username/passwd
  
      return 0 if (*PASSED*) # replace with real code!!!
  
      return "Failed for X reason";
  
    }
    # don't forget 1;
    1;
04-14-2008 11:48 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #29
RE: Awstats password protection
If this works - why not ?
We should try it Smile

Greez BeNe
04-16-2008 05:25 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #30
RE: Awstats password protection
yeah but this only works with enabled mod_perl ... and mod_perl with mpm-worker is currently not supported...
Although there're approaches / patches to make it run ... but this should be considered unstable.
04-16-2008 08:04 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)