| Author |
Message |
KerneL
*nix forums beginner
Joined: 28 Jan 2005
Posts: 37
|
 Posted: Tue Mar 08, 2005 1:40 pm Post subject:
Awstats secure patch
|
|
|
Can anybody tell meu how to secure Awstats the vulnerable version agains the exploits but without upgrading to a new version?
Thx |
|
| Back to top |
|
 |
mihai
*nix forums addict
Joined: 27 Jan 2005
Posts: 71
|
| Posted: Tue Mar 08, 2005 4:23 pm Post subject:
re:Awstats secure patch
|
|
|
just make sure you restrict access to awstats .
Use a .htaccess file that contains:
| Code: |
AuthName awstats
AuthUserFile /path/to/awstats.pwd
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
|
Save the .htaccess file in the same directory where you have your awstats.pl script.
/path/to/awstats.pwd is the file that contains the user/password info for the users that will have access to awstats.pl, it is recommended you keed this file in a directory that is not accessible from web.
to add a user to this file you can use :
if the file /path/to/awstats.pwd is not empty use :
| Code: | | htpasswd username /path/to/awstats.pwd |
if the file is empty you should use :
| Code: | | htpasswd -c username /path/to/awstats.pwd |
|
|
| Back to top |
|
|
KerneL
*nix forums beginner
Joined: 28 Jan 2005
Posts: 37
|
| Posted: Wed Mar 09, 2005 6:55 pm Post subject:
re:Awstats secure patch
|
|
|
|
Thx but with what user should i run this commands root? or i can run with apache? |
|
| Back to top |
|
|
mihai
*nix forums addict
Joined: 27 Jan 2005
Posts: 71
|
| Posted: Wed Mar 09, 2005 8:59 pm Post subject:
re:Awstats secure patch
|
|
|
|
you can run with with any user as long as the user has write permissions to the file htpasswd will use to store passwords. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Linux
