I meet difficulties to make appear with awstats tool (CGI script), icons and associated histogram bars, on one of my website (dubbed here website.com
).
The issue is pretty tricky since I am using different RewriteCond and RewriteRules to get http://www.website.com, http://website.com, https://www.website.com
redirections to https://website.com
target.
Moreover, the task is more complex because I have a Zope server after Apache.
So, to summarize, here below all these rewritecond and rewriterules which produce what is expected, i.e all redirections to https://website.com
and access by password to the awstats
tool. Everything is working fine except the fact that icons and histograms are missing in main page of awstats
once this latter is loaded:
<VirtualHost *:443>
# Test local
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
# LOG
CustomLog /var/log/apache2/access.log combined
# ACTIVATE SSL
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem
RewriteEngine On
# www to non www for HTTPS
# checking for the same thing again
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
# some people might argue second redirect here is excessive since you already arrived at correct host, but I'd leave this for you to sort out
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
# your /cgi-bin checks can be merged into one regex
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
#CacheDisable *
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/fdoc/awstats/examples/css"
<Files "awstats.pl">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
SetHandler cgi-script
Satisfy any
Order deny,allow
Deny from all
AuthType Basic
AuthName "Advanced Web Statistics"
AuthUserFile /etc/apache2/awstats-users.pwd
Require valid-user
</Files>
<Directory "/usr/share/awstats/icon">
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/lib/cgi-bin/">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
I am not an expert about the CGI scripts and their alias. All the icons are located into /usr/share/awstats/icon/
directory.
Where is my error?
UPDATE 1 :
0) I realized that Alias /awstatsclasses "/usr/share/awstats/lib/"
and
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
don't seem to be necessary, but for Alias /awstats-icon "/usr/share/awstats/icon/"
, this is necessary.
However, this is an issue of CSS
but I think the most important file is the directory of icons.
1) I have found and installed the package awstats_7.6
for Debian 10 Buster
.
Now, all files (plugin, lib, lang etc ...) are located into /usr/share/awstats/
For the moment, I have further informations from Apache2
logs. When I reload the awstats
page (reachable from https://website.com/cgi-bin/awstats.pl
) , I get into access.log
:
100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/browser/notavailable.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/other/hx.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/other/he.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
... etc
I have put etc
to mean all the list of icons missing.
2) Moreover, I have this message at the top once I load awstats main page :
Conclusion : I don't know anymore what to try. However, from the 1)
part above, I have explicitely indicated in Apache2 config file :
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstats-icon "/usr/share/awstats/icon"
with permissions :
drwxr-xr-x 9 www-data www-data 4096 Apr 2 16:25 /usr/share/awstats/icon/
3) Finally, I think the most interesting information comes from the error.log
of Apache2 :
[Thu Apr 02 01:37:04.344047 2020] [proxy:debug] [pid 19209] proxy_util.c(2578): [client 100.87.10.76:40246] AH00947: connected /++vh++https:website.com:443/++/awstats-icon/other/hh.png to localhost:8443, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Thu Apr 02 01:37:04.600404 2020] [proxy:debug] [pid 19209] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
This shows the conflicts between the path of Virtualhost from Zope
and the path of CGI scripts
from Apache2
, especially with the first line :
/++vh++https:website.com:443/++/awstats-icon/other/hh.png to localhost:8443, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
What do you think about all these clues ?
UPDATE 2: Following the suggestion of @Tom Hundt
, I generate a deeper analysis into log rewrite. Below is what I get when I load the awstats
main page.
[Sun Apr 05 16:17:01.057073 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057093 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057107 2020] [rewrite:trace2] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] rewrite '/awstats-icon/other/hx.png' -> 'https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057120 2020] [rewrite:trace2] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] forcing proxy-throughput with https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057131 2020] [rewrite:trace1] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] go-ahead with proxy request proxy:https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png [OK], referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
It seems an interesting line is :
[Sun Apr 05 16:17:01.057073 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
It is indicated that pattern '^/(.*)'
is applied to to uri '/awstats-icon/other/hx.png'
.
So I conclude that my isssue since the beginning comes from the rewrite rules I apply on URL with cgi-bin directory, i.e when I do :
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*) RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
Do you agree ?
Your current config prevents proxying for /cgi-bin/ with the RewriteCond here:
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
You need also short-circuit for /awstats* so they aren't proxied to that zope nonsense.
Multiple conditions are AND'ed by default so it's easy:
RewriteCond %{REQUEST_URI} !^/awstats [NC]
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]