Matomo Tracker Proxy, Opt-out iframe AND htaccess - 401 denied problem


#1

Hi everyone,

I am trying to use Matomo Tracker Proxy as well as Matomo’s Opt Out iframe. All works well until I add the .htaccess instructions mentioned here, as below

<Files "*">
 AuthType Basic
 AuthName "Piwik"
 # to be explicit, state the provider
 AuthBasicProvider file
 AuthUserFile "/PATH/TO/.htpasswd"
 Require valid-user
</Files>
 
# Allow external access to piwik.php and piwik.js and robots.txt
<FilesMatch "(^piwik\.(php|js)|robots\.txt)">
 Require all granted
</FilesMatch>

# Allow Opt-Out
<Files "index.php">
 <If "(%{QUERY_STRING} == 'module=CoreAdminHome&action=optOut')">
   Require all granted
 </If>
</Files>

Once that is in place, I get an error:

HTTP401: DENIED - The requested resource requires user authentication. GET - http://example.com/matomo-proxy.php?module=CoreAdminHome&action=optOut&language=en&backgroundColor=&fontColor=&fontSize=&fontFamily=

Would anyone know how to modify the .htaccess to fix this? Apologies, I sense that this is an easy fix, but I don’t understand enough to do it myself so would appreciate any help.

Thanks very much.


(Fabian Dellwing) #2

The problem is, that your PHP file is named matomo-proxy.php, but the .htaccess expects it to be piwik.php or index.php.

Oh and the QUERY_STRING will also not match.

Try the following:


# Allow Opt-Out
<Files "matomo-proxy.php">
 <If "(%{QUERY_STRING} =~ /^module\=CoreAdminHome\&action\=optOut/)">
   Require all granted
 </If>
</Files>

#3

Thank you :grinning: :clap: !! Your QUERY_STRING did the trick! I didn’t have to change index.php to matomo-proxy.php in the end. This is the final .htaccess that works for me now:

<Files "*">
 AuthType Basic
 AuthName "Piwik"
 # to be explicit, state the provider
 AuthBasicProvider file
 AuthUserFile "/PATH/TO/.htpasswd"
 Require valid-user
</Files>
 
# Allow external access to piwik.php and piwik.js and robots.txt
<FilesMatch "(^piwik\.(php|js)|robots\.txt)">
 Require all granted
</FilesMatch>

# Allow Opt-Out
<Files "index.php">
 <If "(%{QUERY_STRING} =~ /^module\=CoreAdminHome\&action\=optOut/)">
   Require all granted
 </If>
</Files>

I will add this to the original .htaccess instructions thread to help others at my level.

Thanks again!


(Fabian Dellwing) #4

Please see Using .htaccess to restrict access for some additional information.