Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th October 2008, 15:41
Vaddiszno Vaddiszno is offline
Junior Member
 
Join Date: Oct 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Webalizer & Fedora8 : blocked stats

Hi

I am using ispconfig with webalizer on fedora 8. A was able to view the statistics generated by the webalizer before.
After some ispconfig and fedora 8 update cycle now I can't do that.
After the usually login (username/pass) at www.xxxxx.com/stats I am getting this error message.

404 Error - File not found!
The following error occurred:
The requested URL was not found on this server.
Please check the URL or contact the Webmaster.

The file index.html is definitely there.

I've done some experience, so the problem is as follows:

Each html file generated by webalizer contains the line
<!-- Generated by The Webalizer Ver. 2.01-10 -->

However, the file

/etc/httpd/modsecurity.d/modsecurity_crs_50_outbound.conf

contains the line

# Statistics pages revealed
SecRule RESPONSE_BODY "\b(?:Th(?:is (?:summary was generated by.{0,100}?(?:w(?:ebcruncher|wwstat)|analog|Jware) |analysis was
produced by.{0,100}?(?:calamaris|EasyStat|analog)|report was generated by WebLog)|ese statistics were produced by (?:getsta
ts|PeLAB))|[gG]enerated by.{0,100}?[Ww]ebalizer)\b" \
"phase:4,t:none,ctl:auditLogParts=+E,deny,log,audi tlog,status:404,msg:'Statistics Information Leakage',id:'970002',s
everity:'4'"

So this denies the sending of the .html's over the httpd server which is generated by webalizer.

I didn't want to make a workaround about this for myself, just suggest to fix it.
Reply With Quote
Sponsored Links
  #2  
Old 8th October 2008, 12:31
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by Vaddiszno View Post
Each html file generated by webalizer contains the line
<!-- Generated by The Webalizer Ver. 2.01-10 -->
I think you can turn this off in webalizer.conf somewhere.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 21st January 2009, 19:27
papokergod papokergod is offline
Junior Member
 
Join Date: Jan 2009
Posts: 27
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

this can be fixed by adding the line

SecRule REMOTE_ADDR "^xxx.xxx.xxx.xxx$" phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEn gine=Off

where xxx.xxx.xxx.xxx is the external "real" ip you want to allow webalizer stats to be show to

I would recommend this as this will allow you to still block the stats to unwanted visitors /hacks. instead of removing the line which falko recommended
Reply With Quote
The Following User Says Thank You to papokergod For This Useful Post:
falko (22nd January 2009)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
missing webalizer stats bolero Installation/Configuration 15 12th November 2008 16:28
Disable Webalizer stats bixtro General 2 10th September 2008 09:09
again on webalizer stats gilas Installation/Configuration 6 6th October 2006 16:16
webalizer stats not accessible only for one user gilas Installation/Configuration 4 21st July 2006 13:08
view webalizer stats kuyaedz General 22 12th March 2006 14:45


All times are GMT +2. The time now is 08:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.