Forbidden access to awstats html content
 

Yes, I know this topic has been discussed all over the web during years. After a few hours struggling, again, back to linuxquestions!

I've tried a few solutions such as
chown -R rroopt:rroopt /var/lib/awstats
chmod -R g+rw /var/lib/awstats
chmod 755 /var/lib/awstats

Otherwise configuration looks fine, I am actually getting my first linux emails from localhost logging website activity every half an hour (maybe I'll reconfigure that default time later).

# ls -l /var/lib/awstats
total 36
-rw-rw-r-- 1 rroopt rroopt 8846 May 28 21:47 awstats052016.localhost.localdomain.txt
-rw-rw-r-- 1 rroopt rroopt 8845 May 28 21:47 awstats052016.mlp.riverocooper.com.txt
-rw-rw-r-- 1 rroopt rroopt 8762 May 28 22:00 awstats052016.riverocooper.com.txt

on my browser: "Forbidden: You don't have permission to access /awstats/awstats.pl on this server."

from configuration file:
"# When AWStats updates its statistics, it stores results of its analysis in
# files (AWStats database). All those files are written in the directory
# defined by the "DirData" parameter. Set this value to the directory where
# you want AWStats to save its database and working files into.
# Warning: If you want to be able to use the "AllowToUpdateStatsFromBrowser"
# feature (see later), you need "Write" permissions by web server user on this
# directory (and "Modify" for Windows NTFS file systems).
# Example: "/var/lib/awstats"
# Example: "../data"
# Example: "C:/awstats_data_dir"
# Default: "." (means same directory as awstats.pl)
#
DirData="/var/lib/awstats"
"

I also included some info on main httpd.conf based on the official http://www.awstats.org/docs/awstats_setup.html

<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar

#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.

The statistics are generated constantly, it's just that I am unable to see them in their html presentation

Try reading the documentation again. Pay particular attention to the part where is says:
Did you set your apache docroot correctly???? Can you pull up ANY pages in Apache???

And again, you're trying to shovel out 24,000 emails at a time...spammers don't get much help.

i am well aware of that. Yum installed on /usr/share/awstats/wwwroot

Is there a ScriptAlias /awstats/ that points to /usr/share/awstats/wwwroot/cgi-bin/ in your http conf file?

Greetings Keefaz,

/etc/httpd/conf.d/awstats.conf requests that their contents are pasted into httpd.conf so I did it to the best of my knowledge but it still doesn't work out. Yes, the ScriptAlias you mention is there and reproduced it for you in bold.

<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar

#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/share/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/"
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/share/awstats/wwwroot">
Options None
AllowOverride None
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from 127.0.0.1
Allow from 5.226.169.119
Allow from ::1
</IfModule>
</Directory>
# Additional Perl modules
# Additional Perl modules
<IfModule mod_env.c>
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
</IfModule>

This is interesting from error log:

[Sun May 29 08:08:09.435636 2016] [alias:warn] [pid 12533] AH00671: The ScriptAlias directive in /etc/httpd/conf/httpd.conf at line 252 will probably never match because it overlaps an earlier ScriptAlias.
[Sun May 29 08:08:09.435677 2016] [alias:warn] [pid 12533] AH00671: The Alias directive in /etc/httpd/conf.d/awstats.conf at line 15 will probably never match because it overlaps an earlier Alias.
[Sun May 29 08:08:09.435682 2016] [alias:warn] [pid 12533] AH00671: The Alias directive in /etc/httpd/conf.d/awstats.conf at line 16 will probably never match because it overlaps an earlier Alias.
[Sun May 29 08:08:09.435685 2016] [alias:warn] [pid 12533] AH00671: The Alias directive in /etc/httpd/conf.d/awstats.conf at line 17 will probably never match because it overlaps an earlier Alias.
[Sun May 29 08:08:09.435688 2016] [alias:warn] [pid 12533] AH00671: The ScriptAlias directive in /etc/httpd/conf.d/awstats.conf at line 18 will probably never match because it overlaps an earlier ScriptAlias

I think you should remove all references to awstats in your main httpd.conf configuration file as it seems configuration for awstats are defined in separate file in /etc/httpd/conf.d which are included in httpd.conf (search for Include directive in httpd.conf to verify)

Dear keefaz,

Your observation seems very logical. At the end of my httpd.conf there is indeed
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

/etc/httpd/conf.d also includes autoindex.conf awstats.conf awstats.conf.rpmsave geoip.conf mpm_prefork.conf userdir.conf welcome.conf
In particular it sounds like GeoIP is already running? :)COOL:)
<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>
In that case I will go ahead and erase reference to awstats in main httpd.conf

I learned how to browse directly from my linux server:
lynx http://localhost/server-status (for APACHE MOD STATUS)
lynx http://localhost/awstats/awstats.pl?config=mlp (for AWSTATS)
so no longer getting access to server generated html is an issue. The errors 403 of connection refused came from apache as I tried to access content from insecure internet connection of dynamic IP addresses from my ISP.

I had lots of duplicate test configuration files mixed up and the challenge now is to restore Cron because it refers to a deleted configuration and the working configuration for stats now has a different name. But awstats software is working. I should configure differentiated logs and conf files for each of my sites.

Cron has been restored and there are conf files for each website, the only issue left is that statistics are not being generated since day one. This seems a problem that other users have also faced according to web search:
# perl awstats.pl -update -config=mlp
Create/Update database for config "/etc/awstats/awstats.mlp.conf" by AWStats version 7.4 (build 20150714)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 525)
Jumped lines in file: 525
Found 525 already parsed records.
Parsed lines in file: 0
Found 0 dropped records,
Found 0 comments,
Found 0 blank records,
Found 0 corrupted records,
Found 0 old records,
Found 0 new qualified records.

Is this where all the access logs for all the websites are stored?

Not anymore, I created new access logs for each site
access_log access_log_riv access_log_rro access_log_rub error_log

Uninstalled awstats, installed GoAccess works very well, it's simple command line, no html