SEARCH

 

LATEST NEWS

New layout has been released on janhvizdak.comSome pages including homepage still need to be migrated to the new layout, this should be finished soon. If something doesn't work properly, let me know, please.
21/07/2012

News regarding updates of JanHvizdak.COMAll pages are about to be revised and updated if necessary. New content will be added - this includes new Apache-related articles, Oracle-related tips, several online tools.
14/07/2012

News regarding Cross-Linker pluginI'm working on a new release (2.0.2) of Cross-Linker plugin for WordPress, more information to be found on the official page of Cross-Linker: /make-donation-cross-linker-plugin-wordpress.html.
14/07/2012

Password Protection of /usage/ Directory (Webalizer) on GoDaddy Dedicated Server

The Problem

Yesterday (check the date at the bottom of this article to understand the meaning of "yesterday" :) ) I realised that my /usage directory on my dedicated server was available for anyone. Some bot tried to access various directories yesterday; such as /webalizer, /usage2, /stats, /logs, /log. One of them was also /usage. As I don't want anyone to see the statistics except for people who I allow to do so, it was necessary to fix this issue as fast as possible. The method below works on a dedicated server by GoDaddy with TurboPanel (Simple Control Panel). Bear in mind that the paths may be different on your server! In order to execute all commands below you should be logged in as root, or your group should have root privileges.

The Solution

  • Find the apache-config.xsl file (command in one line):

    find / -name apache-config.xsl

  • Once you see where it is, make a backup of the file (command in one line):

    cp /usr/share/turbopanel/webapp/WEB-INF/classes/com/godaddy/turbopanel/framework/systems/apache/apache-config.xsl /usr/share/turbopanel/webapp/WEB-INF/classes/com/godaddy/turbopanel/framework/systems/apache/apache-config.xsl.old

  • Edit the apache-config.xsl (command in one line):

    nano /usr/share/turbopanel/webapp/WEB-INF/classes/com/godaddy/turbopanel/framework/systems/apache/apache-config.xsl

  • Find this piece of code:

    <xsl:text>Directory /var/www/stats/</xsl:text>
    <xsl:value-of select="../ServerName"/>
    <xsl:value-of select="$rbracket"/>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$tab"/>
    <xsl:text>Order allow,deny</xsl:text>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$tab"/>
    <xsl:text>Allow from all</xsl:text>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$lbracket"/>
    <xsl:text>/Directory</xsl:text>
    <xsl:value-of select="$rbracket"/>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$newline"/>
    </xsl:when>

  • Remove the above-code from the file and put this into there:

    <xsl:text>Directory /var/www/stats/</xsl:text>
    <xsl:value-of select="../ServerName"/>
    <xsl:value-of select="$rbracket"/>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$tab"/>
    <xsl:text>Order allow,deny</xsl:text>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$tab"/>
    <xsl:text>Allow from all</xsl:text>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$tab"/>
    <xsl:text>AllowOverride All</xsl:text>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$tab"/>
    <xsl:value-of select="$lbracket"/>
    <xsl:text>/Directory</xsl:text>
    <xsl:value-of select="$rbracket"/>
    <xsl:value-of select="$newline"/>
    <xsl:value-of select="$newline"/>
    </xsl:when>

  • Press CTRL-X and confirm saving the file. Restart TurboPanel and Apache by executing the following commands (one by one):

    /etc/init.d/turbopanel restart
    /etc/rc.d/init.d/httpd restart

  • If something went wrong and httpd didn't start, restore the configuration file by renaming the old file and restart TurboPanel along with Apache once again. If things are OK, open your Simple Control Panel, go to each domain's setup, make sure that they have "Webalizer" setting checked. Click on "Save" on each domain (perhaps it will not be necessary). Then execute following commans in your shell:

    cd /var/www/stats
    nano .htaccess

  • The .htaccess file should have this content:

    AuthName "Secure Area"
    AuthType Basic
    AuthUserFile /var/www/stats/.htpasswd
    require valid-user

  • Now execute this command and confirm the password:

    htpasswd -c .htpasswd YourUserName

  • Once you confirm the password, try opening your /usage directory via web browser. It should be password-protected. For instance, try my own /usage/ directory. If you want different users for different domains hosted on your server, you should go deeper than /var/www/stats/ and configure different .htaccess and .htpasswd for each domain or subdomain. I own all websites on my server, so it's not necessary to configure more than one user and a general protection of entire /var/www/stats ensures that each /usage directory is protected by users and passwords as defined in /var/www/stats/.htpasswd.