Awstats password protection

[NoFutureKid]

I don't get it to compile. I think it's only up to Apache 2.0, but i'm not sure.

@BeNe: Perhaps you can tell me more about your dirty hack

[BeNe]

Yes, of course. i modified my /etc/apache2/sites-enabled/01_awstats.conf like this

Code:

#
# AWStats Begin
#

Alias /awstatsicons "/usr/share/awstats/icon/"


NameVirtualHost 127.0.0.1:80

<VirtualHost 127.0.0.1:80>

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule ^/stats/(.+)/$ http://localhost/awstats/?config=$1 [P]
        RewriteRule ^/stats/(.+)/awstats.pl(.*)$ http://localhost/awstats/$2 [P]
    </IfModule>

    ScriptAlias /awstats "/usr/lib/cgi-bin/awstats.pl"

<Directory /usr/lib/cgi-bin>
        Options +ExecCGI
        DirectoryIndex awstats.pl
        Order allow,deny
        Allow from all

        AuthType Basic
        AuthName "AWStats"
        AuthUserFile /var/www/virtual/.htpasswd <- Could be a path...
        Require user User1 User 2 .... <- USERs
    </Directory>

</VirtualHost>

#
# AWStats End
#

Greez BeNe

[BioALIEN]

BeNe, I think your dirty hack deserves a place in the DocuWiki with a nice step by step so we can all copy

From the code above, I see you've added users, but no mention of how to do the password side of things for these users.

[NoFutureKid]

Ahh, sorry. I thought you have a hack for auth against mysql
The way you did i already know.

[BeNe]

Quote:BeNe, I think your dirty hack deserves a place in the DocuWiki with a nice step by step so we can all copy

Well, this is only a dirty workaround - but why not.

Quote:Ahh, sorry. I thought you have a hack for auth against mysql

No! I search also for a solution with mysql which we can use later out of the box.

Greez BeNe

[Cube]

I once again thought about realising the password protection and would like to hear your opinion about yet another possible solution.

We should start using our own AWStats like we do with the other tools too. We would have a more up-to-date version which generates better stats. New versions there are very rarely and there are not much security updates like in PMA, so there should not be much more work with that.
We put AWStats into the tools-directory (some files perhaps somewhere else) and protected it with a htaccess-file (require valid-user). We also modify the config-template, so that AllowAccessFromWebToAuthenticatedUsersOnly and AllowAccessFromWebToFollowingAuthenticatedUsers are set correctly. Until now there is not much work. Now we have to modify ispcp-dmn-mngr so that the login-data of a new user will be written into a htpasswd-file. Accordingly they should be deleted if you delete the user and modified if you change the password. Probably for this big parts from ispcp-htuser-mngr can be used.
In a further step we could extend the GUI, so that the users can set a separate password for AWStats.
Unfortunately I don't understand enough Perl to realise this.

Another interesting possibility was the script from Jan, but regrettably the thread is broken and he did not respond to my mail to post it again.

[Kwik]

Just want to mention that a password protection is a MUST HAVE, please, please. I will use BeNes workaround meanwhile. ^^

[schultzconsult]

Kwik Wrote:Just want to mention that a password protection is a MUST HAVE, please, please. I will use BeNes workaround meanwhile. ^^

What about using a combination of perl and htaccess?

If someone may enhance this script, it might be a solution. http://perl.apache.org/docs/1.0/guide/se...e_snippets

inserted into a .htaccess file

Code:

PerlModule My::Auth
  
  <Location /private>
    PerlAccessHandler My::Auth::access_handler
    PerlSetVar Intranet "10.10.10.1 => userA, 10.10.10.2 => userB"
    PerlAuthenHandler My::Auth::authen_handler
    AuthName realm
    AuthType Basic
    Require valid-user
    Order deny, allow
    Deny from all
  </Location>

Now the code of My/Auth.pm:

Code:

sub access_handler {
  
        my $r = shift;
  
        unless ($r->some_auth_required) {
                $r->log_reason("No authentication has been configured");
                return FORBIDDEN;
        }
        # get list of IP addresses
        my %ips = split /\s*(?:=>|,)\s*/, $r->dir_config("Intranet");
  
        if (my $user = $ips{$r->connection->remote_ip}) {
  
                # update connection record
                $r->connection->user($user);
  
                # do not ask for a password
                $r->set_handlers(PerlAuthenHandler => [\&OK]);
        }
        return OK;
    }
    
    sub authen_handler {
  
        my $r = shift;
  
        # get user's authentication credentials
        my ($res, $sent_pw) = $r->get_basic_auth_pw;
        return $res if $res != OK;
        my $user = $r->connection->user;
  
        # authenticate through DBI
        my $reason = authen_dbi($r, $user, $sent_pw);
  
        if ($reason) {
                $r->note_basic_auth_failure;
                $r->log_reason($reason, $r->uri);
                return AUTH_REQUIRED;
        }
        return OK;
    }
    
    sub authen_dbi{
      my ($r, $user, $sent_pw) = @_;
  
      # validate username/passwd
  
      return 0 if (*PASSED*) # replace with real code!!!
  
      return "Failed for X reason";
  
    }
    # don't forget 1;
    1;

[BeNe]

If this works - why not ?
We should try it

Greez BeNe

[ephigenie]

yeah but this only works with enabled mod_perl ... and mod_perl with mpm-worker is currently not supported...
Although there're approaches / patches to make it run ... but this should be considered unstable.