Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document how to hide piwik server URL in the Javascript #2019

Closed
mattab opened this issue Jan 15, 2011 · 19 comments
Closed

Document how to hide piwik server URL in the Javascript #2019

mattab opened this issue Jan 15, 2011 · 19 comments
Assignees
Labels
Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. worksforme The issue cannot be reproduced and things work as intended.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Jan 15, 2011

Few users are tracking all their websites (hundreds or even thousands) with Piwik. One problem is that all the JS codes have the URL of the Piwik server in it. It is then possible to search in a search engine, or using custom bot, all websites that are use this Piwik instance and guess all websites that belong to one user.

SEE FAQ that explains how to do this

@mattab
Copy link
Member Author

mattab commented Apr 1, 2011

I have a beta version going now. See attached file.

Instructions:

  1. Make sure your server runs at least PHP 5 as this trick requires PHP5

  2. In the attached piwik.php file, put your "secret" piwik URL and your Super user token_auth

The token_auth is required so that the visitor IP can be overwritten (otherwise the IP would be set to the IP of your example.org server doing the request)

  1. Upload the piwik.php file in http://example.org/ and all your other websites

  2. Then modify the top part of the Piwik JS snippet to the following

    <script type="text/javascript">
    var pkBaseURL = (("https:" == document.location.protocol) ? "https://example.org/" : "http://example.org/");
    document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.php' type='text/javascript'%3E%3C/script%3E"));
    </script><script type="text/javascript">
    try {
    var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 1);
    [...]

Notice the absence of piwik.js, since the attached piwik.php will do a proxy to both the static JS file piwik.js, as well as redirect all tracking requests to the "secret" piwik.php

You will have to update the JS snippet on all your websites to point to the "proxy" piwik.php on this local website, that you just uploaded.

PLease test (I have done very small testing...) and report here. When all is working good, I will put up a FAQ or doc page on piwik.org

@mattab
Copy link
Member Author

mattab commented Apr 1, 2011

Attachment: piwik.php proxy file to put on each tracked website
piwik.php

@mattab
Copy link
Member Author

mattab commented Apr 4, 2011

any feedback, is it working as expected? I got only one report that it is working so far. thx

@mattab
Copy link
Member Author

mattab commented Apr 26, 2011

Apparently this is working good! I think, that we can put this in core somehow... and document it in a FAQ?

@anonymous-matomo-user
Copy link

I followed these directions, but it does not seem to be working...

For the Piwiik JS replacement code, I should replace example.org with the URL of the website I placed the piwik.php script on? Also, the original tracking code has:

<noscript><p><img src="http://myserver.com/piwik/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript>

Can I remove that line since it has the URL of the Piwiki server I am trying to hide.

@anonymous-matomo-user
Copy link

Tried on another website and still not working.

@robocoder
Copy link
Contributor

In php.ini, you need:

allow_url_fopen = On

@mattab
Copy link
Member Author

mattab commented May 1, 2011

SupraTT followed up in the forum and it is working

@anonymous-matomo-user
Copy link

Add local cache for .js file.
Why download it for each new user from piwik stats server.

And when there is timeout save visit info to temp file to send later?

@mattab
Copy link
Member Author

mattab commented Jul 26, 2011

(In [5049]) Fixes #2019

  • Added better doc in the script itself
  • added FAQ How to to point to this script

@mattab
Copy link
Member Author

mattab commented Jul 26, 2011

See FAQ at: http://piwik.org/faq/how-to/#faq_132

@anonymous-matomo-user
Copy link

This is currently broken in 1.11.1 and the upstream GitHub version that was suppose to fix this problem does not solve the issue.

More details can be found in the thread I started initially. http://forum.piwik.org/read.php?2,102949

The errors I am seeing and I saw no change in the amount of errors after changing to the "updated" version

2013/04/13 15:51:54 [error] 2802#0: *9 FastCGI sent in stderr: "PHP message: PHP Warning:  sprintf(): Too few arguments in /my/site/piwik.php on line 69" while reading response header from upstream, client: 174.114.17.166, server: , request: "GET /piwik.php?action_name=My%20Website%20Title!&idsite=978&rec=1&r=371635&h=11&m=51&s=52&url=http%3A%2F%2Fwww.mysite.com%2Fo%2Fgfg%2Fheater%2F1%2F&_id=b0686e49aa174610&_idts=1364004010&_idvc=23&_idn=0&_refts=1365868313&_viewts=1365860923&_ref=http%3A%2F%2Ffleshbot.com%2F&cookie=1&res=1280x800 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mywebsite.com", referrer: "http://www.mywebsite.com/w/gfg/heater/1/"

All the errors currently are all very similar to the one listed above

Thanks and hopefully this is something that is an easy fix, I can post anything else you guys need for this as well.

@mattab
Copy link
Member Author

mattab commented Apr 16, 2013

In 37c6494: Fixes #2019 thanks for the report, fixing the regression

@anonymous-matomo-user
Copy link

It got rid of the error but tracking goals is still hit and miss, it only triggered 5 times when I hit the goal 40 times. So there is still something going on I feel. Not sure where to look for info as to whats keeping the goals from triggering now.

Thanks.

@anonymous-matomo-user
Copy link

Here was some errors that started up a little bit after trying new github version

2013/04/16 21:13:43 [error] 8125#0: *426 FastCGI sent in stderr: "PHP message: PHP Warning:  file_get_contents(http://my.intermal.i.p/piwik.php?cip=end.user.i.p&token_auth=1234dc5cxdff61e70e76d7b8deb9cef65&action_name=My+Site+Title%21&idsite=1056&rec=1&r=878845&h=2&m=12&s=33&url=http%3A%2F%2Fwww.mysite.com%2F&_id=a42d0858ed9c82ea&_idts=1366146814&_idvc=1&_idn=1&_refts=0&_viewts=1366146814&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=0&gears=0&ag=0&cookie=1&res=1024x768&): failed to open stream: HTTP request failed!  in /my/site/location/piwik.php on line 73" while reading response header from upstream, client: end.user.i.p, server: , request: "GET /piwik.php?action_name=My%20Site%20Title&idsite=1056&rec=1&r=878845&h=2&m=12&s=33&url=http%3A%2F%2Fwww.mysite.com%2F&_id=a42d0858ed9c82ea&_idts=1366146814&_idvc=1&_idn=1&_refts=0&_viewts=1366146814&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=1&java=0&gears=0&ag=0&cookie=1&res=1024x768 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mysite.com", referrer: "http://www.mysite.com/"

thanks

@mattab
Copy link
Member Author

mattab commented Apr 16, 2013

please ask in the forums with the bug description and steps to reproduce.

Note: make sure you wait 1-2 seconds before each goal conversion (max 1 per second)

@anonymous-matomo-user
Copy link

its already in the forums

@mattab
Copy link
Member Author

mattab commented Apr 17, 2013

For your error, I have a feeling it may be caused by mod_security, make sure it's disabled and it might work. Otherwise see suggestions in the forum thread

@mattab mattab added this to the 1.6 Piwik 1.6 milestone Jul 8, 2014
@mattab mattab self-assigned this Jul 8, 2014
@206siva
Copy link

206siva commented Sep 27, 2018

where to place the piwik tracking code in php websites.

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. worksforme The issue cannot be reproduced and things work as intended.
Projects
None yet
Development

No branches or pull requests

4 participants