How Do I Restrict Urchin Access to a Single IP Address?
Overview
On a system that has multiple network interfaces or has several IP addresses bound to a single network interface, the default behavior is for the Urchin web interface to bind to all configured IP addresses. However, may be desirable to configure Urchin to restrict administration and reporting to a single IP address.
Procedure
Restricting Urchin admin/reporting requires a simple change to the configuration file that the Urchin Apache webserver uses. Please follow these steps:
For UNIX-type systems:
- Open a command shell as the user that Urchin runs as
- "cd" to the directory where Urchin is installed
- Stop the Urchin webserver with the command: "bin/urchinctl -w stop"
- Using a text editor, open the "urchinwebd.conf.template" file in the "var" directory of the Urchin distribution
Above the <Directory /> line, insert the line
Listen XXX.XXX.XXX.XXX:port
- li style="list-style-type:none">where "XXX.XXX.XXX.XXX" and "port" are the IP address and port number to which you want Urchin restricted.
- Restart the Urchin webserver with the command:
bin/urchinctl -w start
For Windows systems:
Stop the Urchin Services: "Start->Programs->Urchin 6->Disable Urchin Services"
- Open Windows Explorer and navigate to "C:\Program Files\Urchin6\var"
- Using a text editor, open the "urchinwebd.conf.template" file
Above the <Directory /> line, insert the line
Listen XXX.XXX.XXX.XXX:port
- where "XXX.XXX.XXX.XXX" and "port" are the IP address and port number to which you want Urchin restricted.
Restart the Urchin Services: "Start->Programs->Urchin 6->Enable Urchin Services"
Important Note: Due to the use of socket pooling in IIS 5 and later, it may be necessary to disable the default behavior of IIS to share sockets on for all websites bound to a particular port, regardless of what actual IP address has been configured. This will be typical in environments where virtual hosts are used, and you wish to set up Urchin reporting on port 80 for a specific virtual host.
Considerations
- This technique only works to restrict Urchin admin/reporting to a specific IP-address. You cannot restrict access to name-based virtual hosts.
- Upgrades to Urchin will overwrite the "urchinwebd.conf.template" file after saving a backup copy. You will need to re-apply any edits you've made to that file after an upgrade.