Package: awstats
Severity: wishlist

I'd suggest adding instructions to README.Debian.gz on how to protect access to the awstats.pl CGI using an .htaccess and .htpasswd.

For instance, this should indicate:

1) to change the default / default-ssl conf file to allow overriding AuthConfig:

    <Directory "/usr/lib/cgi-bin">
    #   AllowOverride None
        AllowOverride AuthConfig
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

2) to mention adding a /usr/lib/cgi-bin/.htaccess containing for instance:

    <FilesMatch "awstats.pl">
        AuthName "Login Required"
        AuthType Basic
        AuthUserFile /etc/awstats/.htpasswd
        require valid-user
    </FilesMatch>

3) that one could create the /etc/awstats/.htpasswd with:

    # htpasswd -c /etc/awstats/.htpasswd whatever_user

4) and that apache needs restarting.

These are basic web server admin tasks, but may help anyway, just as an example of what to do next.

Hope this helps.

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
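
The following is an added example, not part of the original report or of the awstats package: a shell audit that checks the two files edited in steps 1 and 2, since a .htaccess is silently ignored when the enclosing Directory block does not allow AuthConfig overrides. The function names `allows_authconfig` and `htaccess_protects` and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the awstats package. Sample files are constructed.

# Exit 0 if the <Directory "$2"> block in Apache config $1 permits AuthConfig
# overrides. The last uncommented AllowOverride decides; none counts as a fail.
allows_authconfig() {
    awk -v dir="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "<directory" { d = $2; gsub(/[">]/, "", d); inblk = (d == dir) }
        tolower($1) == "</directory>" { inblk = 0 }
        inblk && tolower($1) == "allowoverride" {
            ok = 0
            for (i = 2; i <= NF; i++) if (tolower($i) ~ /^(authconfig|all)$/) ok = 1
        }
        END { exit !ok }' "$1"
}

# Exit 0 if .htaccess $1 has a FilesMatch block for awstats.pl that sets
# Basic auth, names a password file and requires a valid user.
htaccess_protects() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "<filesmatch" { inblk = ($2 ~ /awstats/) }
        tolower($1) == "</filesmatch>" { inblk = 0 }
        inblk && tolower($1) == "authtype" && tolower($2) == "basic" { t = 1 }
        inblk && tolower($1) == "authuserfile" && NF >= 2 { f = 1 }
        inblk && tolower($1) == "require" && tolower($2) == "valid-user" { r = 1 }
        END { exit !(t && f && r) }' "$1"
}

SAMPLES=$(mktemp -d)   # constructed input mirroring the report's snippets
cat > "$SAMPLES/default" <<'EOF'
<Directory "/usr/lib/cgi-bin">
    # AllowOverride None
    AllowOverride AuthConfig
</Directory>
EOF
cat > "$SAMPLES/htaccess" <<'EOF'
<FilesMatch "awstats.pl">
    AuthType Basic
    AuthUserFile /etc/awstats/.htpasswd
    require valid-user
</FilesMatch>
EOF
# State before step 1 (AllowOverride None, the line the report comments out).
sed 's/AllowOverride AuthConfig/AllowOverride None/' "$SAMPLES/default" > "$SAMPLES/default.orig"

allows_authconfig "$SAMPLES/default" /usr/lib/cgi-bin && echo "step 1: ok"
htaccess_protects "$SAMPLES/htaccess" && echo "step 2: ok"
allows_authconfig "$SAMPLES/default.orig" /usr/lib/cgi-bin || echo "default.orig: .htaccess ignored"
```

On a real host, pass the site's own conf file and /usr/lib/cgi-bin/.htaccess to the two functions instead of the sample files.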