Mailing Lists: Apple Mailing Lists


Re: Securing Awstats on 10.3.9



Ok, thanks for the input. I secured the webpages with realms, but I'm a bit worried about the CGI exploits that seem to plague awstats. Are these CGI vulnerabilities possible to exploit for non-authenticated users, or is it the users that have access I should worry about?

- Christian

On 9/26/05, Dan Shoop <email@hidden> wrote:
At 3:41 PM +0200 9/26/05, Christian Enqvist wrote:
>I got a small hosting server running 10.3.9 with awstats for
>analyzing webserver logs and it all works just fine, except for two
>things that are bugging me. First, how do I limit access so that
>they have to log in when accessing stats using a browser?

Same way you secure any other pages, using a realm.

And if you're not doing this, you have a rather significant security issue.

Even securing the pages, you'll need to trust your authenticated users,
and there have been many well-known security exploits using AWSTATS,
a trend which seems to continue as it suffers from some bad
programming.

>.htaccess isn't possible since the logs are owned by the system, right?

Well you're protecting web pages so this is just wooly thinking.

>  Do I use realms, and if so how do I set it up?

Start by reading the docs?
--

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
email@hidden                                 http://www.ustsvs.com/

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.

Macos-x-server mailing list      (email@hidden)

References: 
 >Securing Awstats on 10.3.9 (From: Christian Enqvist <email@hidden>)


