[Pkg-awstats-devel] Bug#590953: Docs should illustrate how to protect access to /cgi-bin/awstats.pl
Olivier Berger
olivier.berger at it-sudparis.eu
Fri Jul 30 13:59:24 UTC 2010
Package: awstats
Severity: wishlist
I'd suggest to add in the README.Debian.gz instructions on how to protect access to the awstats.pl cgi using an .htaccess and .htpasswd.
For instance, this should indicate to :
1) change the deafult / default-ssl conf file to allow overriding AuthConfig :
<Directory "/usr/lib/cgi-bin">
# AllowOverride None
AllowOverride AuthConfig
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
2) to mention adding a /usr/lib/cgi-bin/.htaccess containing for instance :
<FilesMatch "awstats.pl">
AuthName "Login Required"
AuthType Basic
AuthUserFile /etc/awstats/.htpasswd
require valid-user
</FilesMatch>
3) that one could create the /etc/awstats/.htpasswd with :
# htpasswd -c /etc/awstats/.htpasswd whatever_user
4) and that apache needs restarting.
This is basic web server admin tasks, but may help anyway, just as an example of what to do next.
Hope this helps.
Best regards,
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Pkg-awstats-devel
mailing list