One of the more irritating things you see when you look at your AWSTATS totals each day is how many other people are also looking at your stats.
If you’re running an Apache server on Mac OS 10.5.5 (or earlier), including your own personal server, there is a way to password-protect your AWSTATS folder, using your htpasswd and your httpd.conf file. This should also work for earlier versions of Mac OS X. For our model, we’re running Apache 2.8.
This is a three-step procedure that you will perform in Terminal:
1. Creating a htpasswd file. This file will contain a user name and password, and that password will be MD5-encrypted.
2. Creating a directive in the /etc/apache2/httpd.conf file. Don’t worry; it’s painless. Just be sure you back up your httpd.conf before editing it … just in case.
3. Restarting Apache.
Step 1: Creating the htpasswd file
In Terminal, either as sudo or superuser, type this, substituting your information for the example data:
> htpasswd -cm /users/yourmacusername/.htpasswd usernameforthefile
In the example above, the “c” stands for “create a file” and the “m” stands for “encrypt the password with MD5 encryption.” To sum up, we’re telling OS X to create a htpasswd file, put it in the /users folder under your Mac user name, name that file “.htpasswd”, and use the user name you specified. Once you enter the command above, using your own information, you will be prompted to enter a password, and you will be asked to type it again. Your file is created. Not so bad, huh? Before you ask: Yes, you can put the file anywhere you want — just don’t put it in the Apache root, or anywhere that can be reached with a web browser. If you put it in /etc/, be sure to also change the group to either “www” or “wheel.” ‘Nuff said.
Step 2: Creating the directive in /etc/apache2/httpd.conf
The httpd.conf file is a whole lot easier to read if you have a text program that can show line numbers, such as TextWrangler (free) or Smultron (free). You can also use TextEdit, but you won’t have line numbers. And of course, you can also use the Unix text editors such as vi, pico, or Joe. Rather than give a lesson on how to use these text editors, I will just tell you what needs to be done, and you can figure out how to do it, using the text editor of your choice.
We will assume your awstats folder is in: /Library/WebServer/CGI-Executables/awstats. We will further assume that you have only put the stuff that was in the original AWSTATS wwwroot folder into that folder. In other words, we won’t have to have a complicated folder structure just to view your AWSTATS data. However, if your setup is different, just adjust the instructions below.
Open up the httpd.conf file with your text editor. If you have line numbers, you can look for Line #343. If you don’t have line numbers in your editor, search for the opening Directory line that contains this term:
CGI-Executables
Go down past that directive, which ends in </Directory>, and add these lines. Include the lines that begin with #, which are comment lines, so you can find the section again and know what this directive does:
# Next directive protects awstats directory
#
<Directory "/Library/WebServer/CGI-Executables/awstats">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthName "Restricted"
AuthType Basic
AuthUserFile /users/yourmacusername/.htpasswd
Require valid-user
</Directory>
#
Note we did not include your password after the term “.htpasswd” in the directive above, because the user name and password are inside that file. Thus, all you need to stipulate is the file name, which is “.htpasswd”.
Step 3: Restart Apache
Using either sudo or su, in Terminal, type:
> apachectl graceful
That’s it. You’re all done. Now, when you request AWSTATS from your server’s CGI-bin, you’ll be presented with a log-in screen where you will enter the user name and password that are in your htpasswd file. Once you enter that information, you will see your AWSTATS data. For security’s sake, make sure you rotate passwords, and try to use letters, numbers, etc., in your passwords so it will be extremely difficult for others to guess your password.
Now, at last, only you will see your AWSTATS data. You can, of course, also add other users to your htpasswd file. When you do, leave out the “c” flag, because it creates the file anew and would overwrite the users already in it.
These instructions should also work for those running on UNIX/Linux or Windows servers (with some modifications). The concepts are the same.
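The advice in Step 1 about where the password file may live can be checked mechanically. The script below is an added example, not part of the original article: check_htpasswd is a hypothetical helper name, and the script name in the usage comment is an assumption. It reports a password file that sits inside a web-served directory, is readable by every local account, or holds entries in a format other than the one htpasswd -m writes.

```shell
#!/bin/sh
# Added example (not from the original article): checks for the Step 1 password file.

# check_htpasswd FILE WEBDIR [WEBDIR...]
# Prints one line per problem found; returns 0 if none, 1 otherwise.
check_htpasswd() {
    file=$1; shift
    rc=0
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }

    # Resolve symlinks so a link into the web tree is still caught.
    dir=$(cd "$(dirname "$file")" && pwd -P)
    for web in "$@"; do
        webp=$(cd "$web" 2>/dev/null && pwd -P) || continue
        case "$dir/" in
            "$webp"/*) echo "FAIL: $file is inside web-served directory $web"; rc=1 ;;
        esac
    done

    # Other local accounts should not be able to read the password hashes.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "FAIL: $file is world-readable; limit it to the owner and Apache's group"
        rc=1
    fi

    # htpasswd -m writes user:$apr1$salt$hash; count entries in any other format.
    other=$(grep -c -v -E '^([^:]+:\$apr1\$.+)?$' "$file" || true)
    if [ "$other" -gt 0 ]; then
        echo "FAIL: $other entries are not in the \$apr1\$ format htpasswd -m writes"
        rc=1
    fi
    return $rc
}

# Usage: sh check_htpasswd.sh /users/yourmacusername/.htpasswd /Library/WebServer
if [ "$#" -ge 2 ]; then
    check_htpasswd "$@"
fi
```

If you tighten the file's permissions after a warning, make sure the account Apache runs as can still read it, or every log-in will fail.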