apacheurl-rewritingiconscgiawstats

Awstats tool : issue with missing icons and histogram bars on main page of Awstats - probably an issue of path defined into Apache


I meet difficulties to make appear with awstats tool (CGI script), icons and associated histogram bars, on one of my website (dubbed here website.com).

The issue is pretty tricky since I am using different RewriteCond and RewriteRules to get http://www.website.com, http://website.com, https://www.website.com redirections to https://website.com target.

Moreover, the task is more complex because I have a Zope server after Apache.

So, to summarize, here below all these rewritecond and rewriterules which produce what is expected, i.e all redirections to https://website.com and access by password to the awstats tool. Everything is working fine except the fact that icons and histograms are missing in main page of awstats once this latter is loaded:

<VirtualHost *:443>

    # Test local
    ServerAdmin admin@website.com
    ServerName website.com
    ServerAlias www.website.com 

    # LOG
    CustomLog /var/log/apache2/access.log combined

    # ACTIVATE SSL
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem

    RewriteEngine On
    # www to non www for HTTPS
    # checking for the same thing again
    RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
    # some people might argue second redirect here is excessive since you already arrived at correct host, but I'd leave this for you to sort out
    RewriteRule ^/(.*) https://website.com/$1 [R=301,L] 
    # your /cgi-bin checks can be merged into one regex 
    RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
    RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]

    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    #CacheDisable *

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    Alias /awstatsclasses "/usr/share/awstats/lib/"
    Alias /awstats-icon "/usr/share/awstats/icon/"
    Alias /awstatscss "/usr/share/fdoc/awstats/examples/css"

<Files "awstats.pl">
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        SetHandler cgi-script
        Satisfy any
        Order deny,allow
        Deny from all
        AuthType Basic
        AuthName "Advanced Web Statistics"
        AuthUserFile /etc/apache2/awstats-users.pwd
        Require valid-user
</Files>

<Directory "/usr/share/awstats/icon">
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>

<Directory "/usr/lib/cgi-bin/">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
        SSLRequireSSL
</Directory>

</VirtualHost>

I am not an expert about the CGI scripts and their alias. All the icons are located into /usr/share/awstats/icon/ directory.

Where is my error?

UPDATE 1 :

0) I realized that Alias /awstatsclasses "/usr/share/awstats/lib/" and Alias /awstatscss "/usr/share/doc/awstats/examples/css" don't seem to be necessary, but for Alias /awstats-icon "/usr/share/awstats/icon/", this is necessary.

However, this is an issue of CSS but I think the most important file is the directory of icons.

1) I have found and installed the package awstats_7.6 for Debian 10 Buster.

Now, all files (plugin, lib, lang etc ...) are located into /usr/share/awstats/

For the moment, I have further informations from Apache2 logs. When I reload the awstats page (reachable from https://website.com/cgi-bin/awstats.pl) , I get into access.log :

    100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/browser/notavailable.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
    100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/other/hx.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
    100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/other/he.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
    ... etc

I have put etc to mean all the list of icons missing.

2) Moreover, I have this message at the top once I load awstats main page :

enter image description here

Conclusion : I don't know anymore what to try. However, from the 1) part above, I have explicitely indicated in Apache2 config file :

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstats-icon "/usr/share/awstats/icon"

with permissions :

drwxr-xr-x 9 www-data www-data 4096 Apr  2 16:25 /usr/share/awstats/icon/

3) Finally, I think the most interesting information comes from the error.log of Apache2 :

[Thu Apr 02 01:37:04.344047 2020] [proxy:debug] [pid 19209] proxy_util.c(2578): [client 100.87.10.76:40246] AH00947: connected /++vh++https:website.com:443/++/awstats-icon/other/hh.png to localhost:8443, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Thu Apr 02 01:37:04.600404 2020] [proxy:debug] [pid 19209] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)

This shows the conflicts between the path of Virtualhost from Zope and the path of CGI scripts from Apache2, especially with the first line :

/++vh++https:website.com:443/++/awstats-icon/other/hh.png to localhost:8443, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright

What do you think about all these clues ?

UPDATE 2: Following the suggestion of @Tom Hundt, I generate a deeper analysis into log rewrite. Below is what I get when I load the awstats main page.

[Sun Apr 05 16:17:01.057073 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057093 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057107 2020] [rewrite:trace2] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] rewrite '/awstats-icon/other/hx.png' -> 'https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057120 2020] [rewrite:trace2] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] forcing proxy-throughput with https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057131 2020] [rewrite:trace1] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] go-ahead with proxy request proxy:https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png [OK], referer: https://website.com/cgi-bin/awstats.pl?framename=mainright

It seems an interesting line is :

[Sun Apr 05 16:17:01.057073 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright

It is indicated that pattern '^/(.*)' is applied to to uri '/awstats-icon/other/hx.png'.

So I conclude that my isssue since the beginning comes from the rewrite rules I apply on URL with cgi-bin directory, i.e when I do :

RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*)  RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]

Do you agree ?


Solution

  • Your current config prevents proxying for /cgi-bin/ with the RewriteCond here:

    RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
    RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
    
    

    You need also short-circuit for /awstats* so they aren't proxied to that zope nonsense.
    Multiple conditions are AND'ed by default so it's easy:

    RewriteCond %{REQUEST_URI} !^/awstats [NC]
    RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
    RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]