Home > AXS Visitor Tracking > Help > 1079

Security: Changing the location of the data files

By default, AXS stores all data in the same folder as the Perl CGI scripts. The data files are therefore under your publicly-accessible web folder. Here is an example default configuration:


Under this configuration, it may be possible for an anonymous visitor to request "http://localhost/axs/log.txt" and thereby gain access to the log file.

To maximize security, copy the data files to somewhere outside of your webroot, such as:


Once you move your folder, be sure to apply the proper permissions. Then, edit "ax.pl" and "ax-admin.pl" (or "ax.cgi" and "ax-admin.cgi") and find the line that looks like this:

$LogFile = 'log.txt';
$prefs = 'axs.dat';

Replace the relative paths with the full paths to the files. Remember to always use forward slashes on Windows systems:

$LogFile = 'e:/data/log.txt';
$prefs = 'e:/data/axs.dat';

Visit the ax-admin page to verify that everything still works. Once it works to your satisfaction at the copied location, delete the original data files folder under your webroot.

    "Security: Changing the location of the data files"