Separate URL for Dashboard


(Mr. Bean) #1

Hello,

I’ve been using Piwik since version 0.4.x and development is really impressive. But there is one feature I’m missing.

Right now Piwik is using the same URL for tracking and for the dashboard (host.fqdn/piwik/). For security reasons it would make sense to have a separate dashboard/backend URL. Maybe something like host.fqdn/piwik/dashboard/. The normal URL could show a blank page without a login form or any other information. The dashboard URL should provide the login form and can be protected with htaccess or an IP rule. Then possible bugs in the login form or the dashboard code could not (so easily) be exploited.

greetings,
Mr. Bean


(vipsoft) #2

It’s already separate. The URLs are

host.fqdn/piwik/index.php (dashboard)
host.fqdn/piwik/piwik.php (tracker)

Example .htaccess files are given in http://forum.piwik.org/index.php?showtopic=4431


(Mr. Bean) #3

Thanks for the hint, Vipsoft. And here are my Apache config snippets:

HTTP virtual host with tracker access:

<Directory /usr/share/piwik>
  Order                         allow,deny
  <Files ~ "^piwik\.(js|php)$">
    Allow from all
  </Files>
  Options                       FollowSymLinks
  AllowOverride                 Limit Options FileInfo
</Directory>

HTTPS virtual host with tracker and dashboard (behind ldap auth) access:

<Directory /usr/share/piwik>
  <Files "*">
    <IfModule mod_authnz_ldap.c>
     AuthBasicProvider          ldap
     AuthType                   Basic
     AuthLDAPURL                "ldap://ldap.fqdn/ou=people,dc=domain,dc=fqdn"
     AuthLDAPBindDN             "uid=binduser,ou=people,dc=domain,dc=fqdn"
     AuthLDAPBindPassword       "Password"
     AuthName                   "Admin Access"
     Require ldap-user          "admin"
    </IfModule>
  </Files>
  <Files ~ "^piwik\.(js|php)$">
    Allow from all
    Satisfy any
  </Files>
  Options                       FollowSymLinks
  AllowOverride                 Limit Options FileInfo
</Directory>

greetings,
Mr. Bean
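
The same tracker/dashboard split in Apache 2.4 authorization syntax, as an added example that is not part of the posts above. It assumes mod_authz_core and mod_authnz_ldap are loaded and reuses the path and LDAP placeholder values from post #3; the LDAP directives are left outside an `<IfModule>` block so that a missing module stops Apache at startup instead of serving the dashboard without authentication.

```apache
# Added example for Apache 2.4; path and LDAP values are the placeholders from post #3.

# --- HTTP virtual host: tracker only ---
<Directory /usr/share/piwik>
  Options        FollowSymLinks
  # AllowOverride kept as in the original post
  AllowOverride  Limit Options FileInfo

  # Default for everything in the directory: no access.
  Require all denied

  # Only the tracker endpoints (piwik.js, piwik.php) are reachable.
  # With the default "AuthMerging Off", this section's Require
  # replaces the directory-level one for matching files.
  <FilesMatch "^piwik\.(js|php)$">
    Require all granted
  </FilesMatch>
</Directory>

# --- HTTPS virtual host: tracker open, dashboard behind LDAP auth ---
<Directory /usr/share/piwik>
  Options        FollowSymLinks
  AllowOverride  Limit Options FileInfo

  # No <IfModule> wrapper: if mod_authnz_ldap is not loaded, Apache
  # rejects the configuration rather than silently skipping the auth.
  AuthType              Basic
  AuthName              "Admin Access"
  AuthBasicProvider     ldap
  AuthLDAPURL           "ldap://ldap.fqdn/ou=people,dc=domain,dc=fqdn"
  AuthLDAPBindDN        "uid=binduser,ou=people,dc=domain,dc=fqdn"
  AuthLDAPBindPassword  "Password"
  Require ldap-user     admin

  # Tracker endpoints stay public; no credentials are requested for them.
  <FilesMatch "^piwik\.(js|php)$">
    Require all granted
  </FilesMatch>
</Directory>
```

After reloading, `apachectl configtest` should pass, a request for `index.php` on the HTTP host should return 403, and the same request on the HTTPS host should return 401 until valid credentials are supplied.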