Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 18007 invoked from network); 29 Sep 2004 14:56:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 29 Sep 2004 14:56:51 -0000 Received: (qmail 47809 invoked by uid 500); 29 Sep 2004 14:56:35 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 47780 invoked by uid 500); 29 Sep 2004 14:56:35 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 47734 invoked by uid 99); 29 Sep 2004 14:56:34 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from [64.201.176.99] (HELO seawolf.visualtech.ca) (64.201.176.99) by apache.org (qpsmtpd/0.28) with SMTP; Wed, 29 Sep 2004 07:56:33 -0700 Received: (qmail 9299 invoked from network); 29 Sep 2004 14:22:36 -0000 Received: from unknown (HELO ?10.197.16.79?) (64.201.173.189) by 0 with SMTP; 29 Sep 2004 14:22:36 -0000 Message-ID: <415ACC15.5000101@visualtech.ca> Date: Wed, 29 Sep 2004 10:52:05 -0400 From: Mark McCulligh User-Agent: Mozilla Thunderbird 0.8 (X11/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: users@httpd.apache.org References: <1096308453.415856e599df3@phrenetic.to> <1096385131.4159826b2bd3b@phrenetic.to> <41598530.3020208@visualtech.ca> <415AC9AC.9010105@techquotes.com> In-Reply-To: <415AC9AC.9010105@techquotes.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked Subject: Re: [users@httpd] AWStats and security X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Aman Raheja wrote: > Mark McCulligh wrote: > >> I have a question for anyone else using awstats for their website stats. >> >> I have it installed and running ok. But want to protect the stats so >> only valid users can access their stats. I have created a .htaccess >> file to make sure only valid users can get in but how are people >> protecting valid users from looking at other valid users website >> stats. I don't want customer A looking at customers B stats. >> >> I see that you can have awstats make static web pages using >> "staticlinks" but I want to keep it dynamic. >> >> How are other people protecting their awstats. >> >> Thanks, >> Mark. >> > I have used awstats before i switched to webalizer which gives more > useful info for me. > Well protecting is no big issue i think - esp if you are enabling > .htaccess control then how can users know each other's user/pass info > to look at someone else's stats! > > Aman Raheja > I am doing the opposite from you. I have used webalizer for years but find awstats just looks nicer. Both give about the same information. But customers are in to looks. I have even looked at Urchin or WebTrends to do stats but I don't want to spend the money right now on stats when both webalizer an awstats are good enough for most customers. Now about your .htacess question. It only makes sure valid customers with username/pwd have access to the cgi-bin folder. But once a customer in logged in they can change their config file parameter and get another customer's stats. Example: http://www.customerA.com/awstats/awstats.pl?config=CustomerA User asked for username/pwd, then log in. Then change their URL to http://www.customerA.com/awstats/awstats.pl?config=CustomerB Their how can see CustomerB stats. DOH Mark. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org