apache24 Directives for AWStats and phpMyAdmin

zzatskl

zzatskl

I have apache24 installed on FreeBSD 10.0. I have installed www/awstats, which after configuration adds the following lines to httpd.conf:

Code: 
<Directory "/usr/local/www/awstats/">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

But these Directory Directives don't work for apache24. After research I amended the Directives too:

Code: 
<Directory "/usr/local/www/awstats/">
    Require all granted
</Directory>

I had to do a similar modification after the installation of phpMyadmin as follows:
Code: 
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
    Require all granted
</Directory>

I'm not sure what I've done. Have I left a security hole? Any guidance greatly appreciated. I want to get back to restricting access to these services by IP address using something similar to apache22 "Allow from" directive.

Also, can anybody offer help in installing the AWStats Maxmind GeoIP Plugin's for the free downloadable databases http://dev.maxmind.com/geoip/geoip2/geolite2/. I find the documentation sparse. You'd save me a lot of head scratching. GeoIP would be useful to find how many local searches I'm receiving on my websites.

Thanks in advance.
 
zzatskl said:
But these Directory Directives don't work for apache24. After research I amended the Directives too:

Code: 
<Directory "/usr/local/www/awstats/">
    Require all granted
</Directory>
Click to expand...
One of the advantages of FreeBSD is that the official documentation for the software you run on it will also apply. So if you're puzzled by the changed access control rules then my advice would be to check the Access control documentation.

In short; if you wish to continue to use the traditional access controls then you might want to check out the mod_access_compat Apache module. Although it will be removed in the future it could make your life easier right now.

And in answer to your question; yes, the configuration above basically grants everyone access.

If you wish to deny access except for some specific hosts you'd use something in the likes of:

Code: 
<Location /awstats>
   Require all denied
   Require ip your.ip.address.here
</Location>
The only reason I used a Location is because it was easier to type ;)
 
Thank you ShelLuser for a quick reply, I've amended my httpd.conf to:

Code: 
<Directory "/usr/local/www/awstats/">
    Require all denied
    Require host myhome.no-ip.co.uk
    Require ip 192.168.1
</Directory>

and similarly for my phpMyAdmin Directive. This allows access from my all devices on my LAN and home network that has a FQDN using a dynDNS from http://www.noip.com/, where myhome is my Subdomain.

I also studied Apache Module mod_authz_host - quote from the page "to control access to particular parts of the server. Access can be controlled based on the client hostname or IP address."

I'm sure this post will help folks when they upgrade to apache24.

Cheers
 
I have just updated phpMyAdmin and the installation profile now advises on apache24 installs as follows:

Code: 
For Apache version 2.4.x or above:

    Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
    <Directory "/usr/local/www/phpMyAdmin/">
        Options None
        AllowOverride Limit
        Require local
        Require host .example.com
    </Directory>
 
You must log in or register to reply here.
Back
Top