So today we will be discussing how to secure Piwik stats with help of HAproxy. I didn’t find direct articles relating to how to do that so google and quick tests were my companions for this 🙂
So Piwik is quite cool project for getting your statistics. I have created a simple docker container out of it ( available on DockerHub ) and now run it on my server. Looking at documentation I wanted to have it secured so I have found the following quote :
” Use .htaccess to restrict access to a few files only, and to restrict by defined IP address.
For those running an Apache web server, it should be easy to use .htaccess (Apache’s Access Control List) files to restrict entry to Piwik. For example, when you restrict access to files, you will need to allow external access to the piwik.php and piwik.js files, as well as to the URL index.php?module=CoreAdminHome&action=optOut (for the opt-out iframe).”
So what I have done – was creating simple ACL for piwik ( yep – you can have the same name of ACLs 🙂 ) called piwik_stats and used it when deciding for backend so backend would be accessible only if coming from whitelisted IP address or only when using whitelisted parts of URL 🙂
# Whitelist : MyHome
acl net_whitelist_myhome src -f /etc/haproxy/myhome
# Piwik stats security
acl piwik_stats url /index.php?module=CoreAdminHome&action=optOut
acl piwik_stats path /piwik.php
acl piwik_stats path /piwik.js
use_backend stats_piwik if domain_stats.example_com piwik_stats or net_whitelist_myhome
Now I know there are probably better ways to do that- if you have one – share your comments / thoughts.