Security issues

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Security issues

Postby InsayneWrapper » 02. January 2010 01:52

When I visit localhost/security I see the message
"These XAMPP pages are accessible through the network by anyone"
But inside xampp.conf I find
Code: Select all
# New XAMPP security concept
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

Which to me seems like it should take care of that problem.
Is this normal? Otherwise what else might I do to fix this problem?
InsayneWrapper
 
Posts: 9
Joined: 01. January 2010 23:13

Re: Security issues

Postby Izzy » 02. January 2010 02:34

The 'new XAMPP security concept' prevents anyone outside your localhost or local network, defined by the Allow from directive, from accessing those files and folders mention in the LocationMatch directive.

The item covered in the \xampp\readme_en.txt file - A matter of security (A MUST READ!) - covers anyone accessing XAMPP's directories and files, even those who are on your localhost and your local network, unless they know the user/pass combo you set, recommended to implement this feature and to keep the new security concept feature enabled, both are included in XAMPP and, if implemented, will enhance security.


More helpful reading for new XAMPP users:
http://www.apachefriends.org/en/xampp-windows.html
http://www.apachefriends.org/en/faq-xampp-windows.html
Last edited by Izzy on 02. January 2010 03:38, edited 2 times in total.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Security issues

Postby InsayneWrapper » 02. January 2010 03:36

Ah well if I trust them enough to be on my network I suppose they can look at my local server lol.
I didn't realize it was talking about my local network, sorry, thanks for the response!
InsayneWrapper
 
Posts: 9
Joined: 01. January 2010 23:13

Re: Security issues

Postby cube » 26. January 2010 22:58

Hi,

I can see all the features/pages of xampp, including server-info, server-status, but not webalizer. When trying to get to that I get the "Security Concept" message above.

Why will the settings not work for one directory, but work fine for all the others?

Thanks
cube
 
Posts: 4
Joined: 26. January 2010 21:24

Re: Security issues

Postby cube » 27. January 2010 10:04

Seems a reboot sorted me out!
cube
 
Posts: 4
Joined: 26. January 2010 21:24


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 67 guests