Cannot login into Webalizer statistics

Discussion in 'General' started by letezo, Apr 18, 2009.

  1. letezo

    letezo New Member

    OS: Ubuntu 8.04 LTS
    ISPConfig is installed (latest stable)

    I've set a statistics password in ISPConfig 3 interface, waited 1 min, then verified, that the .htpasswd_stats has been written to the right web folder and has the username admin and my password encrypted. Despite this I can't login into the /stats/ folder of my site.

    Tried to search all the files under /etc/ for "htpasswd_stats" (without the dot, for simplicity), but haven't found a single configuration file referencing that. So it is not a miracle that I can't login. I get the login dialog, however, so the authentication seems to be configured somewhere.

    I've tried to find the specification of the /stats/ directory in the Apache config files without success. So I don't know where is it configured at all.

    Could you please point me to the relevant configuration files?

    I've read all the related threads and searched the Web already.

    What did I do wrong? Missing steps?
  2. letezo

    letezo New Member

    Found the files

    More info on this:

    I've just found the stats folder is in the filesystem:

    (It is not an Alias or so in a config file as I expected.)

    There is a .htaccess file there referencing the .htpasswd_stats file:

    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/clients/client1/web1/.htpasswd_stats
    <limit GET PUT POST>
    require valid-user
    So it is in the client's web folder, not somewhere under /etc. It was my mistake. Now trying to figure out why it doesn't let me in...
  3. letezo

    letezo New Member

    Seems to be a generic problem with HTTP authentication

    It seems to be a generic problem with HTTP authentication here. The Web server managed by ISPConfig 3 is behind a firewall and accessed through a Squid proxy server configured in "reverse proxy" mode.

    I've configured mod_rpaf to the Web server (Apache 2.2) to allow using the contents of the X-Forwarded-For header added by Squid as the client's IP address. But it seems to not relate to HTTP authentication at all AFAIK. Maybe I'm not aware of something special here...
  4. letezo

    letezo New Member

    I think I've found the real problem here:

    See "Access to password protected content fails via the reverse proxy" at the bottom of the Wiki page:

    "If the content on the web servers is password protected then you need to tell the proxy to trust your web server with authentication credentials."

    So I need to configure Squid accordingly.

    I hope this thread will help others solving such a problem quicker than me.
  5. letezo

    letezo New Member


    That's all. I had to append this to the end of my cache_peer line in my squid.conf: login=PASS

    PASS is not your password! You need to append the exact string above to that configuration line.

    Don't forget to restart or reload squid after changing its configuration file!

    Thanks for reading. ;-)

Share This Page