minitutorials main logo the place to learn online

Sponsor This Site!
Sponsorship Details - miniTutorials is taking enquiries into various Sponsorship opportunities. Available NOW! Read More on our Sponsorship page.
This Page Sponsored by :
Proudly Sponsored by Your Company name here!
miniTutorials Sponsorship
Donate!
Consider donating to keep this site alive and up to date. Click on the Donate button to go straight to PayPal site and make a donation of an amount you choose.


More information on where the money goes on the Donations page.
Discussion Forums
visit the mini tutorial forums
For expert help and advice on any of our Tutorials or anything else .... visit the forums and ask away!!
Google Ads
My Profile

Details about the owner of this site can be found at :-

ohloh profile
View Gavin McDonald's profile on LinkedIn
Powered by a
UK2 Dedicated Server

Apache Web Server.

ActivePerl and AWStats Installation Instructions.

Intermediate Level

Step 5 - Protect your Site Stats

What do I mean by that?

Well, its up to you, personally I feel that AWStats is a powerful enough program that some of the stats that it produces can be an advantage to others in terms of information that could compromise security to your site/server, or could be useful to Spam merchants or just general competition. Your stats in other words, can be analysed by others unless protected.

So whats the solution?

By default the awstats.pl file is placed in the /cgi-bin/ (scripts) directory of your site. As you know from the previous config page, you can access this file and read the stats produced by typing in http://yoursite.com/awstats.pl?config=yoursite. The trouble is, so can I, and so can everyone else. I wont waffle any more, other than to suggest you type in 'awstats.pl' into google and see how many thousands of other peoples site stats you can now view.

When I wrote this part of the tutorial, awstats (5.6) did not have a protection scheme in place as part of the config. This has now changed and version 6.4 and some earlier versions include a new option in the config file to limit access to your stats.

in awstats.yoursite.conf file locate this line :

AllowAccessFromWebToFollowingIPAddresses=""

and add in any IP addresses that you want to allow access to your site stats. If left blank as it is by default, then anyone can access your stats. For example, to only allow from the server itself and your local network.

AllowAccessFromWebToFollowingIPAddresses="127.0.0.1 192.168.0.1-192.168.0.20"

Only add remote addresses that you are sure of who is at that address and not a dynamic IP address as assigned by an ISP.

For historic purposes and for those with earlier versions of AWStats that do not include this config option, here is what I used to say:

There are a number of ways to prevent your stats from being seen, the most obvious it would seem is via the use of a password protection scheme such as .htaccess provided by Apache. Well, actually, Apache do not recommend the use of .htaccess files unless is absolutely neccessary, ( read more at Apache.org or http://localhost/manual/howto/htaccess.html from your Apache Server machine - scrolling down to 'When (not) to use .htaccess files'. )
I agree and the method shown below is my simple solution to the problem. (simple once I'd thought of it!) Open up your Apache config file 'httpd.conf' and find the section like this :-

<Directory "C:/Apache2/Apache2/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory>

and change it to look like this :-

<Directory "C:/Apache2/Apache2/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from localhost Satisfy Any </Directory>

and thats it, one line changed , one line added. Stop and Start your Apache Web Server and your back in business.

How do you access your stats now?

Typing in http://yoursite.com/cgi-bin/awstats.pl?config=yoursite will now produce a '403 Forbidden' error message, telling you that you dont have permission to access the stats. Good news, neither can anyone else. But you can locally, by typing in http://localhost/cgi-bin/awstats.pl?config=yoursite from your Server.

Now the above situtation suits my circumstances, you can alter the line Allow from localhost to suit yours. (Such as Allow from 192.168.0 or Allow from 10.0.0 for access from all your local network. Or Allow from localhost 111.222.333.444 where 111.222.333.444 is a remote computer address somewhere. Endless choices.)

There is more information on some extra configurations available for awstats in the extra configs page

left arrow depicting to go back Back to Download and install AWStats | Forward to Introduction to PHP right arrow depicting to go forward

tutorial sponsors logo

About Us | Site Map | Privacy Policy | Contact Us | ©2002 - 2007 miniTutorials.com