{"id":869,"date":"2009-05-23T16:38:52","date_gmt":"2009-05-23T14:38:52","guid":{"rendered":"http:\/\/www.marblestation.com\/?p=869"},"modified":"2012-04-26T16:16:53","modified_gmt":"2012-04-26T14:16:53","slug":"awstats-con-autenticacion-y-geolocalizacion-de-ips","status":"publish","type":"post","link":"https:\/\/www.marblestation.com\/?p=869","title":{"rendered":"Awstats con autenticaci\u00f3n y geolocalizaci\u00f3n de IPs"},"content":{"rendered":"

En el art\u00edculo sobre seguridad t\u00e9cnica en un sistema Ubuntu<\/a> habl\u00e9 por primera vez de awstat<\/a> como herramienta para monitorizar los accesos a p\u00e1ginas web. Veamos como a\u00f1adir restricciones de acceso y geolocalizaci\u00f3n de IPs.
\n<\/p>\n

La configuraci\u00f3n base la podemos mejorar a\u00f1adiendo autenticaci\u00f3n, para esto tendremos que tener activos varios m\u00f3dulos de nuestro servidor apache:<\/p>\n

\r\na2enmod auth_basic\r\na2enmod authn_file\r\na2enmod authz_user\r\n<\/pre>\n
Editamos el fichero donde hayamos definido el dominio de nuestra p\u00e1gina web, por ejemplo “\/etc\/apache2\/sites-enabled\/000-ejemplo.com” y debajo de:<\/p>\n
\r\nScriptAlias \/cgi-bin\/awstats.pl \/usr\/lib\/cgi-bin\/awstats.pl\r\n<\/pre>\n
A\u00f1adimos:<\/p>\n
\r\n    <Directory \/usr\/lib\/cgi-bin\/awstats.pl>\r\n        AllowOverride All\r\n        Options FollowSymLinks\r\n        Order allow,deny\r\n        allow from all\r\n\r\n        AuthName \"Acceso restringido a Estad\u00edsticas\"\r\n        AuthType basic\r\n        AuthUserFile \/etc\/awstats\/htpasswd.ejemplo.com\r\n        require valid-user\r\n    <\/Directory>\r\n<\/pre>\n
De esta forma estamos indicando a Apache que queremos autenticar los usuarios que accedan a “awstats.pl” y que los usuarios\/contrase\u00f1as los tiene que comprobar en el fichero “\/etc\/awstats\/htpasswd.ejemplo.com”. As\u00ed que necesitamos crear este \u00faltimo fichero con los usuarios que necesitemos:<\/p>\n
\r\nhtpasswd -cm \/etc\/awstats\/htpasswd.ejemplo.com usuario1\r\nhtpasswd -m \/etc\/awstats\/htpasswd.ejemplo.com usuario2\r\n<\/pre>\n
Para mayor seguridad, en la configuraci\u00f3n de awstats (p.ej. ‘\/etc\/awstats\/awstats.ejemplo.com.conf’) indicamos que \u00fanicamente queremos que awstats se muestre a usuarios autenticados:<\/p>\n
\r\nAllowAccessFromWebToAuthenticatedUsersOnly=1\r\n<\/pre>\n
Reiniciamos apache y ya tenemos restringido el acceso a awstats:<\/p>\n
\r\n\/etc\/init.d\/apache reload\r\n<\/pre>\n
Por otra parte, si queremos a\u00f1adir geolocalizaci\u00f3n de IPs a awstats:<\/p>\n
\r\nsudo -s\r\napt-get install liburi-perl libgeo-ip-perl\r\nmkdir \/usr\/local\/share\/GeoIP\r\ncd \/usr\/local\/share\/GeoIP\r\nwget http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCountry\/GeoIP.dat.gz\r\nwget http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCity.dat.gz\r\nwget http:\/\/geolite.maxmind.com\/download\/geoip\/database\/asnum\/GeoIPASNum.dat.gz\r\ngzip -d *\r\n<\/pre>\n
Y a\u00f1adimos a la configuraci\u00f3n de awstats  (p.ej. ‘\/etc\/awstats\/awstats.ejemplo.com.conf’):<\/p>\n
\r\nLoadPlugin=\"geoip GEOIP_STANDARD \/usr\/local\/share\/GeoIP\/GeoIP.dat\"\r\nLoadPlugin=\"geoip_city_maxmind GEOIP_STANDARD \/usr\/local\/share\/GeoIP\/GeoLiteCity.dat\"\r\nLoadPlugin=\"geoip_org_maxmind GEOIP_STANDARD \/usr\/local\/share\/GeoIP\/GeoIPASNum.dat\"\r\n<\/pre>\n
Listo una configuraci\u00f3n modelo de awstats por si resulta de utilidad, donde tambi\u00e9n se incluyen secciones extra especialmente pensadas por si la p\u00e1gina en cuesti\u00f3n es un wordpress:<\/p>\n
\r\nLogFile=\"\/var\/log\/apache2\/vhosts\/ejemplo.com.access.log\"\r\nLogFormat=1\r\nDNSLookup=1\r\nDirData=\"\/var\/lib\/awstats\/ejemplo.com\/\"\r\nDirCgi=\"\/cgi-bin\"\r\nDirIcons=\"\/icon\"\r\nSiteDomain=\"ejemplo.com\"\r\nHostAliases=\"www.ejemplo.com\" # Separated by spaces\r\nAllowToUpdateStatsFromBrowser=1\r\nAllowFullYearView=3\r\nAllowAccessFromWebToAuthenticatedUsersOnly=1\r\nSkipFiles=\"REGEX[^\\\/wp-admin] REGEX[^\\\/wp-includes\\\/wlwmanifest.xml] REGEX[^\\\/cgi-bin\\\/awstats.pl] REGEX[^\\\/icons] REGEX[^\\\/w00tw00t\\.at\\.ISC\\.SANS\\.DFind]\"\r\nSkipHosts=\"REGEX[^192\\.168\\.]\"\r\nNotPageList=\"css js class gif jpg jpeg png bmp ico swf\" # what file extensions will not be counted as Page Views or Downloads\r\n#LevelForWormsDetection=2 # Full detection (decreases speed by 15%\r\n#ShowWormsStats=HBL\r\n\r\n# \"\/js\/awstats_misc_tracker.js\" needs to be added to webpage\r\n# More info: http:\/\/awstats.sourceforge.net\/docs\/awstats_config.html#MiscTrackerUrl\r\nMiscTrackerUrl=\"\/js\/awstats_misc_tracker.js\"\r\nShowScreenSizeStats=1\r\nShowMiscStats=1\r\n\r\n# Show domains\/country chart\r\n# # Context: Web, Streaming, Mail, Ftp\r\n# # Default: PHB, Possible column codes: PHB\r\nShowDomainsStats=UVPHB\r\n\r\n\r\nLoadPlugin=\"tooltips\" # Help\r\nLoadPlugin=\"decodeutfkeys\" # makes it possible to show keywords and keyphrases correctly using national characters\r\nLoadPlugin=\"geoip GEOIP_STANDARD \/usr\/local\/share\/GeoIP\/GeoIP.dat\"\r\nLoadPlugin=\"geoip_city_maxmind GEOIP_STANDARD \/usr\/local\/share\/GeoIP\/GeoLiteCity.dat\"\r\nLoadPlugin=\"geoip_org_maxmind GEOIP_STANDARD \/usr\/local\/share\/GeoIP\/GeoIPASNum.dat\"\r\n\r\n\r\nExtraSectionName1=\"Wordpress entries\"\r\n# Code 304: Not modified\r\n# Code 200: OK\r\nExtraSectionCodeFilter1=\"200 304\"\r\n# http:\/\/domain\/?p=100\r\nExtraSectionCondition1=\"URL,\\\/\"\r\nExtraSectionFirstColumnTitle1=\"Entry ID\"\r\nExtraSectionFirstColumnValues1=\"QUERY_STRING,p=([^&]+)\"\r\nExtraSectionFirstColumnFormat1=\"www.ejemplo.com\/?p=%s<\/a>\"\r\n##\r\n## U = Unique visitors\r\n## V = Visits\r\n## P = Number of pages\r\n## H = Number of hits (or mails)\r\n## B = Bandwith (or total mail size for mail logs)\r\n## L = Last access date\r\n## E = Entry pages\r\n## X = Exit pages\r\n## C = Web compression (mod_gzip,mod_deflate) \r\nExtraSectionStatTypes1=UVPHBL\r\nExtraSectionAddAverageRow1=0\r\nExtraSectionAddSumRow1=1\r\nMaxNbOfExtra1=10\r\nMinHitExtra1=1\r\n\r\nExtraSectionName2=\"Wordpress pages\"\r\nExtraSectionCodeFilter2=\"200 304\"\r\nExtraSectionCondition2=\"URL,\\\/\"\r\nExtraSectionFirstColumnTitle2=\"Page ID\"\r\nExtraSectionFirstColumnValues2=\"QUERY_STRING,page_id=([^&]+)\"\r\nExtraSectionFirstColumnFormat2=\"www.ejemplo.com\/?page_id=%s<\/a>\"\r\nExtraSectionStatTypes2=UVPHBL\r\nExtraSectionAddAverageRow2=0\r\nExtraSectionAddSumRow2=1\r\nMaxNbOfExtra2=10\r\nMinHitExtra2=1\r\n\r\n\r\nExtraSectionName3=\"Top downloads\"\r\nExtraSectionCodeFilter3=\"200 304\"\r\nExtraSectionCondition3=\"URL,(.*((\\.diff)|(\\.doc)|(\\.pdf)|(\\.rtf)|(\\.sh)|(\\.tgz)|(\\.zip)|(\\.bz2)|(\\.gz)))\"\r\nExtraSectionFirstColumnTitle3=\"Download\"\r\nExtraSectionFirstColumnValues3=\"URL,(.*)\"\r\nExtraSectionFirstColumnFormat3=\"%s<\/a>\"\r\nExtraSectionStatTypes3=HBL\r\nExtraSectionAddAverageRow3=0\r\nExtraSectionAddSumRow3=1\r\nMaxNbOfExtra3=10\r\nMinHitExtra3=1\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
En el art\u00edculo sobre seguridad t\u00e9cnica en un sistema Ubuntu habl\u00e9 por primera vez de awstat como herramienta para monitorizar los accesos a p\u00e1ginas web. Veamos como a\u00f1adir restricciones de acceso y geolocalizaci\u00f3n de IPs.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,6],"tags":[],"class_list":["post-869","post","type-post","status-publish","format-standard","hentry","category-espanyol","category-tecnologia"],"_links":{"self":[{"href":"https:\/\/www.marblestation.com\/index.php?rest_route=\/wp\/v2\/posts\/869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.marblestation.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.marblestation.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.marblestation.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.marblestation.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=869"}],"version-history":[{"count":4,"href":"https:\/\/www.marblestation.com\/index.php?rest_route=\/wp\/v2\/posts\/869\/revisions"}],"predecessor-version":[{"id":1219,"href":"https:\/\/www.marblestation.com\/index.php?rest_route=\/wp\/v2\/posts\/869\/revisions\/1219"}],"wp:attachment":[{"href":"https:\/\/www.marblestation.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.marblestation.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.marblestation.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}