httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] awstats removing script path and authentication check
Date Tue, 03 Apr 2018 13:41:08 GMT
On Tue, Apr 3, 2018 at 9:32 AM, David Mehler <> wrote:
> Hello,
> I've got two questions both about running awstats in a multiple domain
> setup on apache 2.4.
> I've got the below block in each of my ssl-enabled virtual hosts that
> use awstats. Everything is working. First of all can I get a
> confirmation that my authentication and authorization settings are
> good?

It is unwise to use Location for this, because a subtly different URL
might lead to the CGI on disk -- which is not even hypothetical in
this case!

Use Directory for the auth (you have the cfg section already) so it
doesn't matter how you get there.

> Second, currently I have to:
> which does work. I'd like to change things so that the last
> is not needed so that users can just go to:

Since the static elements are in separate dirs (from you Alias
directives), it might be safe to access the script as /awstats. But
generally you want to avoid stripping things like segments as it will
screw with the other relative stuff.

> and they'll be prompted for a username/password and then be able to use awstats.
> # awstats
> Alias /awstatsclasses "/usr/local/www/awstats/classes/"
> Alias /awstatscss "/usr/local/www/awstats/css/"
> Alias /awstatsicons "/usr/local/www/awstats/icon/"
> ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"

I guess the above does not work. ScriptAliasMatch might be more
clear/concise and will work.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message