Hello,
Thank you. Do you have a setup similar to mine?
Does this configuration look better? I took out the <location> entries
and put the authentication section that was previously in it in the
awstats cgi directory.
Thanks.
Dave.
# awstats
Alias /awstatsclasses "/usr/local/www/awstats/classes/"
Alias /awstatscss "/usr/local/www/awstats/css/"
Alias /awstatsicons "/usr/local/www/awstats/icon/"
ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"
<Directory "/usr/local/www/awstats/">
Options None
AllowOverride None
Require all granted
</Directory>
<Directory "/usr/local/www/awstats/cgi-bin/">
Options ExecCGI
AddHandler cgi-script .cgi .pl
# This is to force authentication when trying to access /awstats
# mod_authn_core and mod_auth_basic configuration
# for mod_authn_dbd
AuthType Basic
AuthName "Awstats Access"
# To cache credentials, put socache ahead of dbd here
AuthBasicProvider socache dbd
# Also required for caching: tell the cache to cache dbd lookups!
AuthnCacheProvideFor dbd
#AuthnCacheContext my-server
# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery "SELECT passwd FROM auth WHERE username = %s AND active=1"
require valid-user
</Directory>
On 4/3/18, Eric Covener <covener@xxxxxxxxx> wrote:
> On Tue, Apr 3, 2018 at 9:32 AM, David Mehler <dave.mehler@xxxxxxxxx> wrote:
>> Hello,
>>
>> I've got two questions both about running awstats in a multiple domain
>> setup on apache 2.4.
>>
>> I've got the below block in each of my ssl-enabled virtual hosts that
>> use awstats. Everything is working. First of all can I get a
>> confirmation that my authentication and authorization settings are
>> good?
>
> It is unwise to use Location for this, because a subtly different URL
> might lead to the CGI on disk -- which is not even hypothetical in
> this case!
>
> Use Directory for the auth (you have the cfg section already) so it
> doesn't matter how you get there.
>
>> Second, currently I have to:
>>
>> domain.com/awstats/awstats.pl
>>
>> which does work. I'd like to change things so that the last awstats.pl
>> is not needed so that users can just go to:
>>
>> domain.com/awstats
>>
>
> Since the static elements are in separate dirs (from you Alias
> directives), it might be safe to access the script as /awstats. But
> generally you want to avoid stripping things like segments as it will
> screw with the other relative stuff.
>
>> and they'll be prompted for a username/password and then be able to use
>> awstats.
>>
>> # awstats
>> Alias /awstatsclasses "/usr/local/www/awstats/classes/"
>> Alias /awstatscss "/usr/local/www/awstats/css/"
>> Alias /awstatsicons "/usr/local/www/awstats/icon/"
>> ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"
>
> I guess the above does not work. ScriptAliasMatch might be more
> clear/concise and will work.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|