Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th March 2013, 13:11
jims_a_winner jims_a_winner is offline
Junior Member
 
Join Date: Mar 2013
Posts: 10
Thanks: 3
Thanked 0 Times in 0 Posts
Wink Webalizer Statistics /stats/ folder and .htaccess (HTTPS ONLY HELP)

Hi guys,

I have been months now configuring my ispconfig 3 on CentOS 6.4 installation for PCI DSS Compliance. I have overcome almost all the issues that I was prompted with on the security shortcomings so if anyone has questions (my site scans are performed by security metrics).

However I have one question. The /stats/ folder which is generated by ispconfig daily, the .htaccess it creates allows the username/password to be sent in cleartext. I am trying to force /stats/ to redirect to https://mydomain.com/stats BEFORE it asks for username/password.

I can do this with the following (appended to the already generated .htaccess at the top)

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "mydomain.com"

However the .htaccess is overwritten frequently I believe.

My issue would be resolved with either of the following,
A) I can modify the code written to .htaccess file in the ispconfig cron files, I have had a brief look but cannot actually find the script which writes them at the moment.

B) I can disable ispconfig from creating the stats folder automatically.

What solutions would you think suitable and any further ideas on this would be a great help!
Reply With Quote
Sponsored Links
  #2  
Old 28th March 2013, 14:02
Rockdrala Rockdrala is offline
Senior Member
 
Join Date: Dec 2007
Posts: 140
Thanks: 7
Thanked 2 Times in 2 Posts
Default

Are you using apache or nginx?
Reply With Quote
  #3  
Old 28th March 2013, 14:41
jims_a_winner jims_a_winner is offline
Junior Member
 
Join Date: Mar 2013
Posts: 10
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Apache. Thank you.

Jim
Reply With Quote
  #4  
Old 28th March 2013, 17:28
jims_a_winner jims_a_winner is offline
Junior Member
 
Join Date: Mar 2013
Posts: 10
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Any ideas on this, would like to make the changes before the start of the bank holiday weekend so i can set the sitescans and hopefully have passed the tests by my return.

Regards,
Jim Dixon
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing default .htaccess in stats folder dclardy Developers' Forum 2 7th April 2010 19:51
Password protection of folder via .htaccess cgick General 2 23rd March 2010 16:07


All times are GMT +2. The time now is 07:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.