@bohnelang opened this issue on December 19th 2016

Piwik should strictly distinguish between (tracking) requests from users and admin requests from staff.

At the moment the opt-out function is done by index.php, which normally handles admin/staff requests. Thus it is hard to make the login page safe. (Every web admin knows that login pages get daily brute-force attacks from scripts on the Internet :-/)

At the moment I am using a work-around. We have this situation:

#Internet <--|--> [head www server: www.mydomain.de] <-----> [piwik webserver: piwik.mydomain.de]

Staff can directly access Piwik at http://piwik.mydomain.de/piwik/
Users call Piwik (files) at http://www.mydomain.de/piwik/

I added some Apache rewrite rules on the head web server to avoid login attacks from the Internet:

# Do not allow anyone from outside (!) to access /piwik/index.php or the directory index /piwik/
RewriteEngine   On
RewriteRule     ^/piwik/index.php(.*)$                  - [F,L]
RewriteRule     ^/piwik/$                               - [F,L]

# Define a virtual file optout.php that calls index.php with predefined parameters
# (%2 is the idsite captured by the last RewriteCond; the [P] flag needs mod_proxy)
RewriteCond     %{REQUEST_URI}                          ^/piwik/optout.php$
RewriteCond     %{QUERY_STRING}                         ^(.*)idsite=(\d+)(.*)$
RewriteRule     ^(.*)$ http://piwik.mydomain.de/piwik/index.php?module=CoreAdminHome&action=optOut&language=de&idsite=%2 [P,NE,L]

# All other requests are sent to the piwik server
ProxyPass        /piwik/ http://piwik.mydomain.de/piwik/
ProxyPassReverse /piwik/ http://piwik.mydomain.de/piwik/

Greetings - Andreas

@gaumondp commented on December 19th 2016

This had bugged us too, 3 years ago, and what we did was only permit 2 files to be seen from the Internet: piwik.js and piwik.php. All others are only visible from our infrastructure or with a VPN connection.

@bohnelang commented on December 21st 2016

This was my first idea, too. But unfortunately the opt-out function is called by users and done by index.php. These (untested) RewriteRules could solve this problem if Piwik is directly connected to the Internet:

#Internet <--|--> [piwik webserver: piwik.mydomain.de]

# Do not allow anyone from outside (!) to access /piwik/index.php except your IP range (e.g. 192.168.x.x)
RewriteCond     %{REMOTE_ADDR}  !^192\.168\.
RewriteRule     ^/piwik/index.php(.*)$                  - [F,L]

# Same for the directory index /piwik/ (which would serve index.php), except your IP range
RewriteCond     %{REMOTE_ADDR}  !^192\.168\.
RewriteRule     ^/piwik/$                               - [F,L]

# Define a virtual file optout.php that calls index.php with predefined parameters
# (%2 is the idsite captured by the last RewriteCond)
RewriteCond     %{REQUEST_URI}                          ^/piwik/optout.php$
RewriteCond     %{QUERY_STRING}                         ^(.*)idsite=(\d+)(.*)$
RewriteRule     ^(.*)$ /piwik/index.php?module=CoreAdminHome&action=optOut&language=de&idsite=%2 [PT,NE,L]

@janw1 commented on February 3rd 2017

How can I secure my Piwik directory when I installed Piwik at: https://www.mydomain.com/piwik

Users from outside should be tracked and use the opt-out function, but only users from "inside" (my IP range) should be able to log in?

@bohnelang commented on February 3rd 2017

For that I need to know what kind of system, network and web server you have. What IP range is your intranet?

@janw1 commented on February 3rd 2017

It's an Apache web server (Linux system) and my intranet IP range begins with 172.25.xx.xx

@bohnelang commented on February 6th 2017

Please try this:

#Internet <--|--> [piwik webserver: www.mydomain.de/piwik/]

apt-get install apache2-utils
a2enmod rewrite
edit your virtual host file in /etc/apache2/sites-enabled/

# Piwik is installed in /piwik/
RewriteEngine   On

# Only your intranet range (172.25.x.x) may access /piwik/index.php
RewriteCond     %{REMOTE_ADDR}  !^172\.25\.
RewriteRule     ^/piwik/index.php(.*)$                  - [F,L]

# Same for the directory index /piwik/ (which would serve index.php)
RewriteCond     %{REMOTE_ADDR}  !^172\.25\.
RewriteRule     ^/piwik/$                               - [F,L]

# Define a virtual file optout.php that calls index.php with predefined parameters
# (%2 is the idsite captured by the last RewriteCond)
RewriteCond     %{REQUEST_URI}                          ^/piwik/optout.php$
RewriteCond     %{QUERY_STRING}                         ^(.*)idsite=(\d+)(.*)$
RewriteRule     ^(.*)$ /piwik/index.php?module=CoreAdminHome&action=optOut&language=de&idsite=%2 [PT,NE,L]

apache2ctl configtest
apache2ctl restart

@bohnelang commented on February 6th 2017

Now please test:

https://www.mydomain.com/piwik/optout.php?idsite=1

and from inside and outside:

https://www.mydomain.com/piwik/
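The rule sets posted by @bohnelang above (the proxied variant in the issue description, the direct-connected variant, and the recipe for @janw1 just above) all enforce the same policy: index.php and the directory index are forbidden for addresses outside the intranet prefix, a virtual optout.php is mapped onto index.php with module and action fixed, and everything else (piwik.js, piwik.php) passes through. The following Python model is an added example, not part of this thread and not Piwik or Apache code; it reproduces the decision each rule makes so the access matrix can be checked offline before touching the web server. It assumes vhost context, where the rules run once per request, and uses constructed sample addresses.

```python
import re
from dataclasses import dataclass

# Added example (not from the thread, Piwik or Apache): a model of the Apache
# RewriteRule set posted above, so the access policy it enforces can be checked
# offline. It reproduces the decision each rule makes in vhost context, where
# the rules run once per request; it is not Apache and does not parse config.

INDEX_PHP = re.compile(r"^/piwik/index.php(.*)$")     # RewriteRule ^/piwik/index.php(.*)$
DIR_ROOT = re.compile(r"^/piwik/$")                    # RewriteRule ^/piwik/$
OPTOUT_URI = re.compile(r"^/piwik/optout.php$")        # RewriteCond %{REQUEST_URI}
IDSITE_QS = re.compile(r"^(.*)idsite=(\d+)(.*)$")     # RewriteCond %{QUERY_STRING}
FIXED_QUERY = "module=CoreAdminHome&action=optOut&language=de&idsite={}"


@dataclass(frozen=True)
class Decision:
    status: str   # "forbidden" ([F]), "rewritten" (optout.php -> index.php) or "pass"
    path: str
    query: str


def route(remote_addr, path, query="", intranet_prefix=r"^172\.25\."):
    """Apply the rules in Apache's order; the first matching [L] rule wins."""
    # RewriteCond %{REMOTE_ADDR} !^172\.25\.  (negated: true for outside clients)
    outside = re.match(intranet_prefix, remote_addr) is None
    # Rule 1: outside clients may not reach index.php (login page, admin UI) at all.
    if outside and INDEX_PHP.match(path):
        return Decision("forbidden", path, query)
    # Rule 2: nor the directory index /piwik/, which would serve index.php anyway.
    if outside and DIR_ROOT.match(path):
        return Decision("forbidden", path, query)
    # Rule 3: the virtual optout.php maps onto index.php with module/action fixed
    # here; only the numeric idsite is taken from the caller (%2 = last RewriteCond).
    m = IDSITE_QS.match(query)
    if OPTOUT_URI.match(path) and m:
        return Decision("rewritten", "/piwik/index.php", FIXED_QUERY.format(m.group(2)))
    # Everything else (piwik.js, piwik.php tracking hits, ...) passes through unchanged.
    return Decision("pass", path, query)


def access_matrix(intranet_prefix=r"^172\.25\."):
    """Outcomes for the requests a defender would verify after deploying the rules.
    Addresses are constructed sample values (203.0.113.0/24 is documentation space)."""
    outside, inside = "203.0.113.7", "172.25.4.9"
    return {
        "outside_login": route(outside, "/piwik/index.php", "module=Login", intranet_prefix).status,
        "outside_dir": route(outside, "/piwik/", "", intranet_prefix).status,
        "outside_tracker": route(outside, "/piwik/piwik.php", "idsite=1&rec=1", intranet_prefix).status,
        "outside_optout": route(outside, "/piwik/optout.php", "idsite=1", intranet_prefix).status,
        "outside_optout_no_idsite": route(outside, "/piwik/optout.php", "", intranet_prefix).status,
        "inside_login": route(inside, "/piwik/index.php", "module=Login", intranet_prefix).status,
    }


if __name__ == "__main__":
    for name, status in access_matrix().items():
        print(f"{name:26s} {status}")
```

Two things the model makes visible. First, an optout.php request without a numeric idsite (or with idsite=abc) matches none of the rules and "passes" to the literal path /piwik/optout.php, which does not exist on disk, so the backend answers 404 rather than leaking anything; the only parameter a caller controls is the digits of idsite, any extra query parameters (for example a smuggled module=Login) are discarded by the rewrite. Second, the single-pass assumption matters: in per-directory (.htaccess) context Apache re-runs the rules on the rewritten URI /piwik/index.php, where rule 1 would then forbid the opt-out for outside callers, so these rules belong in the virtual host file as the recipe says.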

@mattab commented on February 20th 2017

Thanks for the suggestion, but we won't put the opt-out in a different file.

@thomaszbz commented on May 1st 2017

@bohnelang Adding a separate PHP file which includes the index.php is relatively easy. From there, you can deny access to the index.php using a .htaccess file.

Example: https://www.slicewise.net/php/piwik-absichern/
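The wrapper approach described in the comment above, written out as an added example (not code from the thread, from the linked page, or from Piwik): a separate entry point that exposes only the opt-out action, so index.php itself can be denied to the outside at the web server level. It assumes the file sits next to Piwik's index.php and that Piwik reads module, action, language and idsite from $_GET; both are assumptions, not confirmed by the thread.

```php
<?php
// optout.php: added example (not from the thread or from Piwik) of a separate
// entry point that only ever triggers the opt-out action. With index.php denied
// to outside addresses, this is the single admin-side action a visitor can reach.
//
// Assumptions (not confirmed by the thread): this file sits next to Piwik's
// index.php, and Piwik reads module/action/language/idsite from $_GET.

// Accept only a purely numeric idsite from the caller; everything else is fixed here.
$idsite = isset($_GET['idsite']) ? (string) $_GET['idsite'] : '';
if (!preg_match('/^\d+$/', $idsite)) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    echo "missing or invalid idsite\n";
    exit;
}

// Replace the request parameters wholesale rather than merging, so a caller cannot
// smuggle another module/action (e.g. module=Login) through this entry point.
$_GET = array(
    'module'   => 'CoreAdminHome',
    'action'   => 'optOut',
    'language' => 'de',
    'idsite'   => $idsite,
);
$_POST = array();
$_REQUEST = $_GET;

// Hand over to Piwik's real front controller with the fixed parameters.
require __DIR__ . '/index.php';
```

With the wrapper in place, index.php can be restricted in a .htaccess in the same directory (Apache 2.4 syntax) with a Files block for "index.php" containing Require ip 172.25.0.0/16 (the intranet range from the thread), while optout.php, piwik.js and piwik.php stay reachable; a Directory-level directive in the virtual host does the same if .htaccess is disabled. Note that $_SERVER['QUERY_STRING'] still carries the original query, so the approach depends on Piwik reading parameters from the superglobals that were replaced, which is the assumption stated above.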

@bohnelang commented on May 2nd 2017

Thanks - Looks good!

This issue was closed on February 20th 2017