Password Protection of /usage/ Directory (Webalizer) on GoDaddy Dedicated Server

Yesterday (check the date at the bottom of this article to understand the meaning of "yesterday" :) ) I realised that my /usage directory on my dedicated server was available for anyone. Some bot tried to access various directories yesterday; such as /webalizer, /usage2, /stats, /logs, /log. One of them was also /usage. As I don't want anyone to see the statistics except for people who I allow to do so, it was necessary to fix this issue as fast as possible. The method below works on a dedicated server by GoDaddy with TurboPanel (Simple Control Panel). Bear in mind that the paths may be different on your server! In order to execute all commands below you should be logged in as root, or your group should have root privileges.

1. Find the apache-config.xsl file (command in one line): 2. Once you see where it is, make a backup of the file (command in one line): 3. Edit the apache-config.xsl (command in one line): 4. Find this piece of code: 5. Remove the above-code from the file and put this into there: 6. Press CTRL-X and confirm saving the file. Restart TurboPanel and Apache by executing the following commands (one by one): 7. If something went wrong and httpd didn't start, restore the configuration file by renaming the old file and restart TurboPanel along with Apache once again. If things are OK, open your Simple Control Panel, go to each domain's setup, make sure that they have "Webalizer" setting checked. Click on "Save" on each domain (perhaps it will not be necessary). Then execute following commans in your shell: 8. The .htaccess file should have this content: 9. Now execute this command and confirm the password: Once you confirm the password, try opening your /usage directory via web browser. It should be password-protected. For instance, try my own /usage/ directory. If you want different users for different domains hosted on your server, you should go deeper than /var/www/stats/ and configure different .htaccess and .htpasswd for each domain or subdomain. I own all websites on my server, so it's not necessary to configure more than one user and a general protection of entire /var/www/stats ensures that each /usage directory is protected by users and passwords as defined in /var/www/stats/.htpasswd.

September 12, 2010