How Do I Restrict Urchin Access to a Single IP Address?

Overview

On a system that has multiple network interfaces or has several IP addresses bound to a single network interface, the default behavior is for the Urchin web interface to bind to all configured IP addresses. However, may be desirable to configure Urchin to restrict administration and reporting to a single IP address.

Procedure

Restricting Urchin admin/reporting requires a simple change to the configuration file that the Urchin Apache webserver uses. Please follow these steps:

For UNIX-type systems:

  1. Open a command shell as the user that Urchin runs as
  2. cd to the directory where Urchin is installed
  3. Stop the Urchin webserver with the command: bin/urchinctl -w stop
  4. Using a text editor, open the urchinwebd.conf.template file in the var directory of the Urchin distribution
  5. Above the <Directory /> line, insert the line
      Listen XXX.XXX.XXX.XXX:port
    where XXX.XXX.XXX.XXX and port are the IP address and port number you want Urchin restricted to
  6. Restart the Urchin webserver with the command: bin/urchinctl -w start
For Windows systems:
  1. Stop the Urchin Services: Start->Programs->Urchin->Disable Urchin Services
  2. Open Windows Explorer and navigate to C:\Program Files\Urchin\var
  3. Using a text editor, open the urchinwebd.conf.template file
  4. Above the <Directory /> line, insert the line
      Listen XXX.XXX.XXX.XXX:port
    where XXX.XXX.XXX.XXX and port are the IP address and port number you want Urchin restricted to
  5. Restart the Urchin Services: Start->Programs->Urchin->Enable Urchin Services
  6. Important Note: Due to the use of socket pooling in IIS 5 and later, it may be necessary to disable the default behavior of IIS to share sockets on for all websites bound to a particular port, regardless of what actual IP address has been configured. This will be typical in environments where virtual hosts are used, and you wish to set up Urchin reporting on port 80 for a specific virtual host. Please see this document for further information:

    General IIS FAQ's: What is socket pooling?

Considerations

  • This technique only works to restrict Urchin reporting to a specific IP-address. You cannot restrict access to name-based virtual hosts.
  • Upgrades to Urchin will overwrite the urchinwebd.conf.template file after saving a backup copy. You will need to re-apply any edits you've made to that file after an upgrade.