Awstats password protection

[BeNe]

Good point, BUT there is the next package problem:

Code:

Starting web server (apache2)...Syntax error on line 21 of /etc/apache2/sites-enabled/01_awstats.conf:
DBD: No driver for mysql
failed!

I checked many sites about mod_dbd and it seems that there is no mysql driver as package available for mod_dbd

Can anyone give me a hint ?

Greez BeNe

[Cube]

I've created a ticket: AWStats password protection (ticket 837)

[ephigenie]

yeah you're right - it seems as if the mysql license is not compatible with debian's ...
so they didn't include the mysql driver ... this is bad.

But i saw that in sid there's mod_auth_mysql again - but it did not make it into stable

[jmeyerdo]

Hi!
Allow me one suggestion, please...

Perhaps you can take into consideration which modules/technologies are compatible with most platforms/distros?!

One example: With CentOS the "mod_fastcgi" is not standard and it takes higher efforts to find an (unofficial) RPM or to compile it manually.

An authentication by .htaccess should be available on nearly all servers - even it might be harder to implement on isp-CP-side.

Kind regards, keep up your good work,
Jens

[BeNe]

Quote:An authentication by .htaccess should be available on nearly all servers

Of course - .htaccess works, but is not really flexible and dynamic.
I use .htaccess on my Server and i must every single user...
A connect to the db would be very fine here.

Quote:yeah you're right - it seems as if the mysql license is not compatible with debian's ...
so they didn't include the mysql driver ... this is bad.

I found some compiled .deb files of mysql driver but they are damn buggy and apache2 sometimes does not start -> Segment fault...

Greez BeNe

[linux-guru]

I did a (quite dirty) hack for enabling authentication of stats in static mode.

At first, since mod_auth_mysql is not available on etch and dbd has no mysql-support, the only alternative is libapache2-mod-auth-pam which could be made using libpam-mysql. BUT: libpam-mysql has problems to support md5-password.
So another "hack" is needed. Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373834
When the new package is built, install it, and configure as follows:

1. Install libapache2-mod-auth-pam

Code:

apt-get install libapache2-mod-auth-pam -y

2. Create .htaccess e.g. in /var/www/ispcp/engine/awstats/ with the following content:

Code:

AuthPAM_Enabled on
        AuthPAM_FallThrough off
        AuthType Basic
        AuthName "Restricted area"
        AuthUserFile /dev/null
        AuthBasicAuthoritative Off
        Require valid-user

3. Make /etc/pam.d/apache2 looking like this:

Code:

auth required pam_mysql.so user=root passwd=YOUR_PASS host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=admin_pass crypt=3
account required pam_mysql.so user=root passwd=YOUR_PASS host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=admin_pass crypt=3
#@include common-auth
#@include common-account

4. Edit /var/www/ispcp/engine/ispcp-dmn-mngr
after (currently lines 1911-1921)

Code:

if ($main::cfg{'AWSTATS_ACTIVE'} eq 'yes' && $main::cfg{'AWSTATS_MODE'} eq 1) {
                if (! -d "$www_dir/$dmn_name/statistics") {
                    $rs = make_dir(
                                    "$www_dir/$dmn_name/statistics",
                                    $sys_user,
                                    $sys_group,
                                    0755
                                    );

                return $rs if ($rs != 0);
        }

insert

Code:

if (! -e "$www_dir/$dmn_name/statistics/.htaccess") {

                $rs = sys_command("$main::cfg{'CMD_CP'} -p $root_dir/engine/awstats/.htaccess $www_dir/$dmn_name/statistics/");
                return $rs if ($rs != 0);
                $rs = setfmode("$www_dir/$dmn_name/statistics/.htaccess", $sys_user, $sys_group, 0644);
                return $rs if ($rs != 0);
            }

and the same again after

Code:

if ($main::cfg{'AWSTATS_ACTIVE'} eq 'yes' && $main::cfg{'AWSTATS_MODE'} eq 1) {
                if (! -d "$www_dir/$dmn_name/statistics") {
                    $rs = make_dir(
                                    "$www_dir/$dmn_name/statistics",
                                    $sys_user,
                                    $sys_group,
                                    0755
                                    );

                return $rs if ($rs != 0);
        }

(currently lines 2347-2357)

5. Tell ispcp that there are changes which are needed to be processed.

Code:

mysql -u root -p<password>
mysql>USE ispcp
mysql>UPDATE domain SET domain_status = 'change' WHERE domain_status = 'ok';
mysql>quit

6. Run the update

Code:

/var/www/ispcp/engine/ispcp-rqst-mngr

Now your users have protected stats which can only be seen through authentication with their ispcp-admin-login and the corresponding password.

Note: If one knows another hosting on this machine, he/she it is able to see the other users stats while entering his own credentials!

Feedback is welcome! :-)

[Mike]

Another Method would be over PHP-CURL... so we would be able to check the siteconfig with the user (from DB)...

PHP Code:

    header('WWW-Authenticate: Basic realm="Domain Statistics"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit; 


[divion]

Happy to see you all here working with a non dieing version of VHCS.

To add my help to this section ( havent tested ispcp yet (dont blame me i found it today) ) i was working with 2 scripts that were updating the stats, making new conf files and copying stats to users dir for backup.

If any of this would be helpfull to anyone send me a msg to post them.
Not to mention ( Debian 3.1 (Not updated this either))

[NoFutureKid]

What about mod_authn_dbi (http://mod-auth.sourceforge.net)?

[BeNe]

Never heard about it
Maybe you can try to get it running ?

I use a dirty workaround with a .htaccess in the Apache Awstats Directive.
But it works...

Greez BeNe