[HowTo]My solution to password protect AWStats

[Blondak]

Requirements

• pam_mysql
• mod_auth_pam ( http://pam.sourceforge.net/mod_auth_pam/download.html optional with Patch for setting service name and caching authentication )
  

Setup database
because pam_mysql in current version does not support MD5 you must edit table admin

Code:

ALTER TABLE admin ADD apache_pass VARCHAR(41);

or you can create own table, but than you must update pam config file to match this table.Then set passwords using mysql PASSWORD function (can we change MD5 password to PASSWORD encrypted ones?). I suggest create user as above.

Code:

GRANT SELECT ON ispcp.admin TO XXX@"localhost" IDENTIFIED BY "YYY";FLUSH PRIVILEGES;

this will create user that can only read ispcp.admin

Configure PAM
create config file for pam, if have mod_auth_pam with path for setting service name create file /etc/pam.d/apache-awstats otherwise /etc/pam.d/apache2

Code:

auth    required pam_mysql.so user=XXX passwd=YYY host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=apache_pass crypt=mysql
account required pam_mysql.so user=XXX passwd=YYY host=localhost db=ispcp table=admin usercolumn=admin_name passwdcolumn=apache_pass crypt=mysql

change permissions

Code:

chmod 640 /etc/pam.d/apache-awstats
chown root.www-data /etc/pam.d/apache-awstats

Update /etc/apache2/sites-available/01_awstats.conf
update /etc/apache2/sites-available/01_awstats.conf

Code:

<Directory /usr/lib/cgi-bin>
#add this : begin
        AuthPAM_Enabled on
        AuthPAM_FallThrough off
#next line only with service-name patch
    AuthPAM_ServiceName apache-awstats
        AuthType Basic
        AuthName "AWStats"
        AuthUserFile /dev/null
        AuthBasicAuthoritative Off
        Require valid-user
#add this : end

    AllowOverride none
        Options +ExecCGI
        DirectoryIndex awstats.pl
        Order allow,deny
        Allow from all
    </Directory>

Update AWStats config
next you must update awstats config files

Code:

AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers="__USERNAMES_WITH_ACCESS__" #(probably domain name)

Done
restart apache and passwords should work

My tips for awstats
i have create file /etc/awstats/support/awstats.common.conf with common configuration for all domain
i update /etc/ispcp/awstats/awstats.ispcp_tpl.conf to following

Code:

Include "/etc/awstats/support/awstats.common.conf"

LogFile="{APACHE_LOG_DIR}/{DOMAIN_NAME}-combined.log"
SiteDomain="{DOMAIN_NAME}"
HostAliases="www.{DOMAIN_NAME} REGEX[^.*\.{DOMAIN_NAME}$]"

AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers="{DOMAIN_NAME} admin"

reason of this is, when i want etc. add new module I can do it in one file and i don't need to change each file.

I hope that I don't forgot something.

With Regards Blonďák