Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 27th July 2006, 02:16
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default Alternate stats page

Hey all,

I'm also working on putting awstats as I like it more than webalizer even though the security flaws it's had in the past but with htaccess it would prevent alot more attacks from anonymous access anyway.

I've got it all working but 1 thing, .htpasswd files...

The problem is that awstats uses cgi and it's own path instead of /cgi-bin/ but I want to put .htacces inside that so only users can access the page but maintaining a common .htpasswd inside a common path is my issue.
Currently .htpasswd and .htaccess for stats are inside users home paths and to change that to a common path seems like hell for me.

any ideas?

only thing I could think of was searching each home path and `cat $home/.htpasswd >> /home/httpd/awstats-cgibin/.htpasswd` so any changes are copied over.. very crude but it could work..

is there a neater way I can maintain this command password file if someone changes their password it would also change in this common file?

I also have another issue with a htpasswd file which the user is admin:$1${somehashvalue} which is not the user.. how did this get there and how do I change it? I already created an admin user for the site but it doesn't change this file..????
Reply With Quote
Sponsored Links
  #2  
Old 27th July 2006, 05:45
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default

Ah cool. I've been modifying /root/ispconfig/scripts/shell/webalizer.php and made it update the global .htpasswd list in the stats page.

All good. just have an issue where i modified the .htaccess in the /stats/ directory to auto redirect the user to /ispcstats/awstats.pl?config=www.domain.com but what happens is that the browser seems to auto add a / at the end which causes problems with awstats picking up the "config" parameter as www.domain.com/ not www.domain.com

so I had to use an index.php and use the header("Location:...." ) method which works but if a site isn't php enabled then i'm screwed.

Last edited by djtremors; 27th July 2006 at 05:48.
Reply With Quote
  #3  
Old 27th July 2006, 09:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
Originally Posted by djtremors
so I had to use an index.php and use the header("Location:...." ) method which works but if a site isn't php enabled then i'm screwed.
Did this redirect (.html file) solve the problem?

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="refresh" content="0;URL=/ispcstats/awstats.pl?config=www.domain.com" />
<title>Statistics</title>
</head>

<body>
</body>
</html>
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 27th July 2006, 09:40
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default

I actually ended up cheating a little and placed this into the .htaccess file in the ./stats dir.

Redirect 301 /stats http://www.domainsite.com.au/ispcsta...insite.com.au&


The & at the end stopped the / getting into the domain parameter.

I'll keep a note on that for next time.

I'll even put in a mod for anyone who prefers to use awstats on their server once I get all the mods down and checked.
Reply With Quote
  #5  
Old 27th July 2006, 09:54
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

@DJ: What about generating static stats with awstats? So you don't need to care about security flaws by stats accessing users, and don't need to care about cgi-bin stuff
Reply With Quote
  #6  
Old 27th July 2006, 11:25
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default

I can create a static output but when you select another month/date it calls the cgi... unless I'm doing something wrong.
Doesn't matter, works well now.
Reply With Quote
  #7  
Old 27th July 2006, 13:14
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Are the user accounts in your awstats configuration still separated, so that customer A can not read the statistics from customer B even if he uses the domain of customer B as domain= parameter?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 27th July 2006, 14:05
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default

the configuration is always seperate, it's the awstats.pl script thats global and the problem. Once I've logged in and if I know another domain that is hosted on the same server, I just change the config=www.domain1.com to conf=www.domain2.com and i can see it.
You just have to know it's there to begin with.

Because the .htpasswd file contains all the users together, i don't know how (without seperating the awstats) to lock each domain.

hmm.. ill sleep on this one.
Reply With Quote
  #9  
Old 1st August 2006, 06:51
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default

hey all, I managed to get some time and work on this awstats auth problem.

there's 2 settings in the conf file which you can set to check the authentication.

AllowAccessFromWebToAuthenticatedUsersOnly=1
AllowAccessFromWebToFollowingAuthenticatedUsers=""

I changed it in a way so eahc sites config has it's own custom settings and it includes the main template config.
the site's config contains the AllowAccessFromWebToFollowingAuthenticatedUsers="m yuser1 myuser2"

Now, attempting to browse someone elses stats with your login now failed with
PHP Code:
ErrorUser 'web15_djtremors' is not allowed to access statistics of this domain/config
works like a treat.
Reply With Quote
  #10  
Old 1st August 2006, 08:42
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
 
Default

Sounds great
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
New Default Holding Page mphayesuk General 13 7th July 2007 17:25
webalizer stats not accessible only for one user gilas Installation/Configuration 4 21st July 2006 14:08
The page cannot be displayed on Port: 81 nysprite Installation/Configuration 1 21st June 2006 12:42
New Site Shows Apache Default page not uploaded index.html mojosound Installation/Configuration 35 18th April 2006 11:59
Accessing the ISPConfig Web Page nformosa Installation/Configuration 1 9th September 2005 15:13


All times are GMT +2. The time now is 09:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.