Limiting HTTP downloading with htaccess

	Simple statistics — rest assured
	home sign up more info support contact

One simple method for allowing Stats to safely download your log files is to make them available from your web server but secure it with a username and password. This has the advantage that the web server only allows Stats access to published information and that the username and password keep other users from accessing the logs.

This tutorial assumes you have a Unix or Unix-like server running Apache. To set this up, you will need to have Telnet or Shell access to your web server. You should know the location of your log files and should be comfortable with on editor, such as 'vi' or 'pico'.

To begin with log in to your web server using Telnet or another Shell client. Change directory to the folder where your web site documents are stored:

[siteadm@www siteadm]$ cd www/htdocs

Next use the htpasswd utility to create a password file that will hold the login information. You should store this in a location that is not on your web site, such as your home directory. In the following example, the file '.htpasswd-logs' is created in the user's home directory ('~/') with a new user, 'log_user' added to it.

[siteadm@www htdocs]$ htpasswd -c log_user ~/.htpasswd-logs
New password:
Re-type new password:
Adding password for user /home/siteadm/.htpasswd-logs

When creating the user, you will need to come up with a password and enter that twice (to make sure you get it right). Remember what these are so you can give them to Stats later. When the htpasswd program finishes, it will give you the fully-qualified name of the file where the password is stored. Make a note of this for the next step.

Now you need to create the .htaccess file that tells Apache that a username and password are needed to read from this directory. You can do this with any editor that you are comfortable with. The following example shows the editor 'vi', 'pico' is also available on many systems. You should create this file in the folder where your log files are stored.

[siteadm@www htdocs]$ vi ../logs/.htaccess

The .htaccess file should have the following lines in it. For the value of AuthUserFile use the fully-qualified name of the password file you created in the last step. You can change the value for AuthName if you choose.

AuthUserFile /home/siteadm/.htpasswd-logs
AuthGroupFile /dev/null
AuthName "Private Website"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

Save the file and exit the editor. The final step on the server is to make a link from the real logs folder to a place in your web site. If you are in the web site documents directory you can use a command like this (where ../logs/ points to the folder where your web server logs are stored):

[siteadm@www htdocs]$ ln -s ../logs/ logs

Now that you have set up your server, you can exit the Telnet or shell session and continue to configure the Stats setup. Fill in the information for the website using the new user name and password. For the Location field in the form use a URL like http://WWW.DOMAIN.COM/logs/ where WWW.DOMAIN.COM is the name of your web site.

For example, if your web site is www.website.com and the new account you created is log_user then your "Create a report" form might look like this: