Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 28th March 2013, 14:11
jims_a_winner jims_a_winner is offline
Junior Member
Join Date: Mar 2013
Posts: 10
Thanks: 3
Thanked 0 Times in 0 Posts
Wink Webalizer Statistics /stats/ folder and .htaccess (HTTPS ONLY HELP)

Hi guys,

I have been months now configuring my ispconfig 3 on CentOS 6.4 installation for PCI DSS Compliance. I have overcome almost all the issues that I was prompted with on the security shortcomings so if anyone has questions (my site scans are performed by security metrics).

However I have one question. The /stats/ folder which is generated by ispconfig daily, the .htaccess it creates allows the username/password to be sent in cleartext. I am trying to force /stats/ to redirect to https://mydomain.com/stats BEFORE it asks for username/password.

I can do this with the following (appended to the already generated .htaccess at the top)

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq "mydomain.com"

However the .htaccess is overwritten frequently I believe.

My issue would be resolved with either of the following,
A) I can modify the code written to .htaccess file in the ispconfig cron files, I have had a brief look but cannot actually find the script which writes them at the moment.

B) I can disable ispconfig from creating the stats folder automatically.

What solutions would you think suitable and any further ideas on this would be a great help!
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing default .htaccess in stats folder dclardy Developers' Forum 2 7th April 2010 20:51
Password protection of folder via .htaccess cgick General 2 23rd March 2010 17:07

All times are GMT +2. The time now is 05:06.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.