Password protected directory

lital · October 3, 2009, 6:40pm

hey everyone,

new to piwik and I’d like to put the piwik management interface inside an apache’s (htaccess) password protected directory. Since I know it’s supposed to return some javascript tag to put in the website which I’m guessing is supposed to somehow communicate with the piwik management interface then I figured that this might be a problem.

Just wondering indeed if it is a problem or not…

Thanks.

dbunyard · October 5, 2009, 12:43am

I would like to be able to allow access to the web admin from a handful of IP addresses. Best I can tell, if I lock down the whole directory then nothing will be able to log hits. Basically, I want to log from a number of domains on different servers, but I only want the login page available to a set group of IP addresses. Is there a way to do this? What files need world access and what files can I restrict down?
Thanks for your help,
Dan

kasparsa · October 5, 2009, 7:25am

We ristrict login to some IP-Adresses via httpd.conf (or .htaccess as you like).

We use

<Location /piwik/index.php>
    Order deny,allow
    Deny from all
    Allow from [IPAdresses]
</Location>
<Location /piwik/piwik.js>
    Order allow,deny
    Allow from all
</Location>

kaspar

dbunyard · October 5, 2009, 10:21pm

[quote=kaspar @ Oct 5 2009, 07:25 AM]We ristrict login to some IP-Adresses via httpd.conf (or .htaccess as you like).

We use

<Location /piwik/index.php>
    Order deny,allow
    Deny from all
    Allow from [IPAdresses]
</Location>
<Location /piwik/piwik.js>
    Order allow,deny
    Allow from all
</Location>

kaspar[/quote]

Any way to do this under IIS? style_emoticons/<#EMO_DIR#>/wink.gif

eugen723674 · October 11, 2009, 3:40am

[quote=lital @ Oct 3 2009, 06:40 PM]hey everyone,

new to piwik and I’d like to put the piwik management interface inside an apache’s (htaccess) password protected directory. Since I know it’s supposed to return some javascript tag to put in the website which I’m guessing is supposed to somehow communicate with the piwik management interface then I figured that this might be a problem.

Just wondering indeed if it is a problem or not…

Thanks.[/quote]

Hi!

I wanna do the same. I am using piwik in an htaccess secured domain!
The Piwik code we use on our sites but still need access to two files: piwik.js and piwik.php
So your htacess should look something like this:

AuthType Basic
AuthName "Piwik"
AuthUserFile "/home/whatever/.htpasswds/public_html/passwd"
<Files *.*>
require valid-user
</Files>
<Files piwik.js>
satisfy any
</Files>
<Files piwik.php>
satisfy any
</Files>
<Files robots.txt>
satisfy any
</Files>

So everyone will have access to piwik.php + piwik.js + robots.txt.

To the admins / piwik-team:
Is this correct? Does the piwik tracking code only need to connect to piwik.php and piwik.js or is there any other file who we need give access to?

Thanks for answering!

eugen723674 · October 11, 2009, 6:21pm

anyone can answer this question please?
thanks

vipsoft · October 11, 2009, 9:11pm

No, not that I can see in the IIS documentation.

One option would be to set up both public and private web servers, the only difference being the public server would not have index.php.

vipsoft · October 11, 2009, 10:40pm

UI and API requests are funneled through index.php. The tracking side needs piwik.js and piwik.php.

If that .htaccess works for you, go ahead, but I would caution others to check their particular site’s Order, Allow, and Deny settings.

eugen723674 · October 11, 2009, 10:56pm

hi vipsoft!

“UI and API requests are funneled through index.php”

What does that mean exactly? Sorry my english isnt that good.
Does the tracking needs the index.php also?

Till yet (after 1 day) i see that something is tracked … the visitis. But it seems that some search engine data and website referal data and even some visits are not counted. style_emoticons/<#EMO_DIR#>/sad.gif

I thought free access to the piwik.php and piwik.js would be enough - is that wrong?

Greetings
Eugen

eugen723674 · October 11, 2009, 11:22pm

Me again …

As long as i can see, the tracking code only connects to the piwik.php and the piwik.js - as marked below in the code.

So giving free access to those two files thru my htacess file should be ok and every visitor and every visitor-data (referal, screensize, and so on) should be tracked, am i right?

kasparsa · October 12, 2009, 6:19am

Isn’t even enough to give access only to piwik.js? We use it that way and visits are tracekd. See also this topic some days ago: forum.piwik.org/index.php?showtopic=1579

Edit: the way this forum handles links seems te be quite buggy…

eugen723674 · October 12, 2009, 11:19am

hi kaspar!

no! i think you need free access to BOTH files, as you can see on my post from Yesterday, 11:22 PM. The script connects to piwik.php if javascript is disabled to count the visit. Maybe an official can tell us more?

Yes, also noticed that this board got a linking problem/bug.

Greetings
Eugen

vipsoft · October 12, 2009, 11:43am

all: I merged these topics as they’re related.

kaspar: yes, there’s a bug in the forum code when typing in URLs. The workaround is to use bbcode.

all: .htaccess is a localized, runtime modifier. What works for you, may not work for others as it depends on your respective apache configuration (eg httpd.conf or .htaccess in a parent folder).

eugen: tracking does not use index.php; tracking only requires piwik.js and piwik.php. I seem to recall that SATISFY used in conjunction with ALLOW/DENY…

eugen723674 · October 12, 2009, 9:00pm

hi vipsoft …

ok now i understand style_emoticons/<#EMO_DIR#>/smile.gif

But it works fpr uns perfectly. We gave access to piwik.js and piwik.php for all and this should be 100% ok to track everything.

Even our htaccess works fine, even on other sites we used phpmyvisites for years and done it the same way.

Greets
Eugen