HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


jims_a_winner 28th March 2013 14:11

Webalizer Statistics /stats/ folder and .htaccess (HTTPS ONLY HELP)
Hi guys,

I have spent months now configuring my ISPConfig 3 on CentOS 6.4 installation for PCI DSS compliance. I have overcome almost all the issues that I was prompted with on the security shortcomings so if anyone has questions (my site scans are performed by SecurityMetrics).

However I have one question. The /stats/ folder which is generated by ISPConfig daily, the .htaccess it creates allows the username/password to be sent in cleartext. I am trying to force /stats/ to redirect to BEFORE it asks for username/password.

I can do this with the following (appended to the already generated .htaccess at the top):

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq ""

However the .htaccess is overwritten frequently I believe.

My issue would be resolved with either of the following:
A) I can modify the code written to the .htaccess file in the ISPConfig cron files. I have had a brief look but cannot actually find the script which writes them at the moment.

B) I can disable ISPConfig from creating the stats folder automatically.

What solutions would you think suitable and any further ideas on this would be a great help!

Rockdrala 28th March 2013 15:02

Are you using apache or nginx?

jims_a_winner 28th March 2013 15:41

Apache. Thank you.


jims_a_winner 28th March 2013 18:28

Any ideas on this? I would like to make the changes before the start of the bank holiday weekend so I can set the site scans and hopefully have passed the tests by my return.

Jim Dixon
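
Added example, not part of the thread and not ISPConfig code: a shell check for the situation in the first post, where a regenerated /stats/.htaccess turns on Basic authentication without any SSL requirement, plus an idempotent repair. Assumptions: the file path is passed as an argument, SSLRequireSSL stands in for the post's SSLRequire line because its host name is not shown, and the marker comments are invented for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The guard text and markers are assumptions.
GUARD_MARK='# BEGIN https-guard (added locally)'
# "SSLOptions +StrictRequire" is from the post; SSLRequireSSL (mod_ssl) stands in
# for the post's SSLRequire line, whose host name is not given.
GUARD_BODY='SSLOptions +StrictRequire
SSLRequireSSL'

# 0 if FILE switches on HTTP Basic authentication
has_basic_auth() {
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$1"
}

# 0 if FILE has an uncommented SSLRequire or SSLRequireSSL directive
has_ssl_requirement() {
    grep -Eiq '^[[:space:]]*SSLRequire(SSL)?([[:space:]]|$)' "$1"
}

# Prints and returns: ok (0), cleartext-auth (1), missing (2)
audit_htaccess() {
    [ -f "$1" ] || { echo "missing"; return 2; }
    if has_basic_auth "$1" && ! has_ssl_requirement "$1"; then
        echo "cleartext-auth"; return 1
    fi
    echo "ok"
}

# Prepend the guard when the audit fails; a second run changes nothing.
ensure_guard() {
    status=$(audit_htaccess "$1") || true
    [ "$status" = "cleartext-auth" ] || return 0
    tmp=$(mktemp "$1.XXXXXX") || return 1
    cp -p "$1" "$tmp" || return 1            # carry over mode (and owner when root)
    { printf '%s\n%s\n# END https-guard\n' "$GUARD_MARK" "$GUARD_BODY"
      cat "$1"; } > "$tmp" || return 1
    mv "$tmp" "$1"                           # atomic swap on the same filesystem
}

# Run against a path given on the command line, e.g. from cron.
if [ -n "${1:-}" ]; then
    ensure_guard "$1" && audit_htaccess "$1"
fi
```

Scheduling it after the job that rewrites the file keeps the guard in place; with SSLRequireSSL, mod_ssl refuses non-SSL requests rather than redirecting them.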

All times are GMT +2.