Webalizer & Fedora8 : blocked stats

Discussion in 'Developers' Forum' started by Vaddiszno, Oct 7, 2008.

  1. Vaddiszno

    Vaddiszno New Member

    Hi

    I am using ispconfig with webalizer on fedora 8. A was able to view the statistics generated by the webalizer before.
    After some ispconfig and fedora 8 update cycle now I can't do that.
    After the usually login (username/pass) at www.xxxxx.com/stats I am getting this error message.

    404 Error - File not found!
    The following error occurred:
    The requested URL was not found on this server.
    Please check the URL or contact the Webmaster.

    The file index.html is definitely there.

    I've done some experience, so the problem is as follows:

    Each html file generated by webalizer contains the line
    <!-- Generated by The Webalizer Ver. 2.01-10 -->

    However, the file

    /etc/httpd/modsecurity.d/modsecurity_crs_50_outbound.conf

    contains the line

    # Statistics pages revealed
    SecRule RESPONSE_BODY "\b(?:Th(?:is (?:summary was generated by.{0,100}?(?:w(?:ebcruncher|wwstat)|analog|Jware)|analysis was
    produced by.{0,100}?(?:calamaris|EasyStat|analog)|report was generated by WebLog)|ese statistics were produced by (?:getsta
    ts|PeLAB))|[gG]enerated by.{0,100}?[Ww]ebalizer)\b" \
    "phase:4,t:none,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Statistics Information Leakage',id:'970002',s
    everity:'4'"

    So this denies the sending of the .html's over the httpd server which is generated by webalizer.

    I didn't want to make a workaround about this for myself, just suggest to fix it.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    I think you can turn this off in webalizer.conf somewhere.
     
  3. papokergod

    papokergod New Member

    this can be fixed by adding the line

    SecRule REMOTE_ADDR "^xxx.xxx.xxx.xxx$" phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off

    where xxx.xxx.xxx.xxx is the external "real" ip you want to allow webalizer stats to be show to

    I would recommend this as this will allow you to still block the stats to unwanted visitors /hacks. instead of removing the line which falko recommended
     

Share This Page