Download & Extend
Piwik Web analytics » Issues

Piwik HTTP-URL not working because of htaccess

Posted by susi_333 on November 8, 2009 at 3:46pm
Project:Piwik Web analytics
Version:6.x-1.1
Component:Miscellaneous
Category:support request
Priority:normal
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

Hi,
I installed piwik, now I'd like to enter my data into the drupal module piwik.
Therefore I have the line "Piwik HTTP-URL" to fill out. The URL to Piwik is behind a htaccess file so I get the error "Fehler „Authorization Required“ fehlgeschlagen (HTTP-Code 401)."
Hmm any hints? However I need the htaccess file.... Many thanks

I postet this post also on the piwik forum page. I will add the result to this side as well then. wasnt shure if its a piwik or drupal problem.

Login or register to post comments

Comments

#1

Posted by hass on November 8, 2009 at 10:17pm
Assigned to:susi_333» Anonymous
Status:active» fixed

Remove this buggy rule, please.

#2

Posted by susi_333 on November 10, 2009 at 12:29pm

I wrote with Alexander and here is a short result:
piwik doesnt work if there is a htaccess file which will protect the whole piwik folder. how to make the piwik data safe? i doent know.
maybe you have to adopt the htaccess file. i wouldnt use piwik as long there is no htaccess. in case someone finds a tuturial about how piwik can be made safe, please write me.
many thanks.

#3

Posted by hass on November 10, 2009 at 1:26pm

If you *block* the piwik module from accessing it's own tracker files (piwik.php, piwik.js) - piwik is not able to track anything!

You may be able to protect the subfolders with .htacces, but I cannot say if this will work well, but it may be possible to block from all other files except the tracker URLs. Untested - maybe the piwik core maintainers know...

#4

Posted by System Message on November 24, 2009 at 1:30pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

#5

Posted by andrewsuth on January 18, 2010 at 1:50am

.. then why not just add an .htaccess file that only allows those two files?

AuthUserFile /path/to/.htpasswd
AuthGroupFile /path/to/.htgroups
AuthName "PIWIK"
AuthType Basic
   
<Files "*">
require group admins
</Files>

<FilesMatch "^piwik.(js|php)$">
    Allow from all
    Satisfy any
</FilesMatch>

Also, as far as I can tell, the file piwik.php is not accessed directly by the user anyway. In that case, you can add another restriction which says: only allow 127.0.0.1/localhost/(your server IP) to access piwik.php without authentication.

#6

Posted by hass on January 18, 2010 at 9:41am

Without piwik.php nothing can be tracked... It's called from the js code

#7

Posted by andrewsuth on January 18, 2010 at 9:55am

That makes sense.

I just couldn't see piwik.php the file being calling in my network requests. In that case, just use the .htaccess I posted above. Should work.

nobody click here