Re: [cobalt-users] Webalizer Password Protected Directories

["Wayne Sagar" <shortfork@xxxxxxxxxxx>]

> Any ideas why Webalizer 2.01.6-3 on my RaQ4r only password protects the
> stats for sites that have FrontPage extensions enabled? On every one of the
> sites where FrontPage Extensions are disabled, the stats show up for anyone
> without prompting for the admin's password. Does anyone know how to fix 
> this

By default, the RaQ sets your /etc/httpd/conf/access.conf will have an entry 
near the top:

<Directory />
Options None
AllowOverride None
AuthFailDelay 2000000
</Directory>

Which is the way you want it so leave that one, further down the page you'll 
find:

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"

AllowOverride None

Which you can change to ALL or any of the above. I think for your purposes 
you'd need to change it only to AuthConfig.

To explain why the fp enabled sites work, at the bottom of the page, you'll 
see another entry:

<Directory /home/sites/siteXX>
AllowOverride All
Options All
</Directory>

Likly, there will be entries here for every FP site you have enabled on your 
site.  They need .htaccess enabled so that FP will work right.

The bad thing about webalizer is that it uses the user passwords to 
authorize and this puts that password out there on every query of the 
passwords. You can create an .htaccess file and an .htpassword file for each 
stats folder with a non critical password for the users with a password file 
located whereever you specify in the .htpassword file..

WS

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.