I know this is a bit late, but just for the record. There were a lot of people asking for this online when I searched, but few answers.
Create a password file with htpasswd and put it somewhere safe and outside of public reach, setting permissions. I put mine in /etc/apache2/.htpasswd
Then edit/create the .htaccess file inside the cgi-bin folder (/usr/lib/cgi-bin on Ubuntu Server 12.10), and add the following:
Code:
<Files "awstats.pl">
AuthUserFile /etc/apache2/.htpasswd
AuthGroupFile /dev/null
AuthName "AWStats is Private"
AuthType Basic
require valid-user
</Files>
You will need to edit the AuthUserFile line to reflect your passwords file. You can also change the requirement to a specific name (require george) or whatever.
Finally, and I guess this is where people go wrong, you have to tell Apache2 to allow you to override the default settings for the cgi-bin folder.
Edit /etc/apache2/sites-available/default (and other virtual host files as required, e.g. SSL) looking for the CGI-BIN section, you need to change the "AllowOverride None" to "AllowOverride AuthConfig" to allow the .htaccess file to work. It should look something like this:
Code:
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride AuthConfig
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Hope that helps. Sorry for digging up an old thread.
Bookmarks