Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th January 2006, 05:59
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default Password protect web stats

Hi Guys,

I am trying to password protect the .../web/stats folders. It seems that you can use Web-FTP to create the .htaccess files, but it is not working for me. The files are created with the right users/passwords, but anyone can still access the /stats/ folder.

Am i doing something wrong? Should the /stats/ folder be protected by default?

This isn't urgent, but i am just a little curious.

Thanks,

Max
Reply With Quote
Sponsored Links
  #2  
Old 30th January 2006, 08:13
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,413
Thanks: 834
Thanked 5,498 Times in 4,328 Posts
Default

The web stats folders where password protected automatically. The .htaccess and .htpassword files where generated by the script /root/ispconfig/scripts/shell/webalizer.php. The usernames and passwords are the users of the website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 30th January 2006, 09:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

The script /root/ispconfig/scripts/shell/webalizer.php runs at 4:00 AM in the morning so you must wait until then until the stats directory of a new web site gets password protected.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 31st January 2006, 05:12
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Guys,

Stats directories are NOT automatically protected in my system. I run a 64bit processor and fedora core 4.

Could i have accidently switched off / disabled something somewhere?

Thanks,

Max
Reply With Quote
  #5  
Old 31st January 2006, 05:38
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

ok ... i managed to figure out this one myself.

I commented out the line:

AllowOverride None

in the /etc/httpd/conf/httpd.conf file. (not the Vhosts file)

and now the stats folders are password protected.

Does anyone know of a reason why i shouldn't have done that?

Regards,

Max
Reply With Quote
  #6  
Old 1st February 2006, 14:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by max
I commented out the line:

AllowOverride None

in the /etc/httpd/conf/httpd.conf file. (not the Vhosts file)
Can you post the lines before and after that line so that we know the context of this line?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 2nd February 2006, 02:59
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Falko,

Here's the surrounding info. I have a feeling that i have commented out the line in the wrong place.

Thanks,

Max

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
#AllowOverride None
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
Reply With Quote
  #8  
Old 2nd February 2006, 09:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

That's the wrong place because near the end of your Apache configuration you should have something like this:

Code:
<Directory /var/www/*/web>
    Options +Includes -Indexes
    AllowOverride None
    AllowOverride Indexes AuthConfig Limit FileInfo
    Order allow,deny
    Allow from all
    <Files ~ "^\.ht">
    Deny from all
    </Files>
</Directory>
This is set by the ISPConfig installer, and /var/www/*/web (or whatever you chose during installation) is the place where the stats directories are created.
This is the place where you can try to play around a little bit.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 3rd February 2006, 03:35
max max is offline
Junior Member
 
Join Date: Dec 2005
Location: Melbourne Australia
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Falko,

Thanks for the quick response. My web sites reside in /home/www/*/web and the apache directives were set on /var/www/html/*/web. Changing it to the right directory (and undoing my prior change) seems to work perfectly.

Thanks,

max
Reply With Quote
  #10  
Old 3rd February 2006, 10:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
 
Default

Quote:
Originally Posted by max
My web sites reside in /home/www/*/web and the apache directives were set on /var/www/html/*/web.
Did you change that after the ISPConfig installation?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Wrong MySQL password?? Blu3 Installation/Configuration 7 10th December 2006 18:41
view webalizer stats kuyaedz General 22 12th March 2006 14:45
Password protect website/directory joostvdl Installation/Configuration 1 18th November 2005 11:05
ISPConfig admin Password linuxuser1 Installation/Configuration 2 21st October 2005 13:38
Mail not accepting username and password! nformosa General 9 14th September 2005 09:58


All times are GMT +2. The time now is 12:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.