
Security issues

Posted: 02. January 2010 01:52
by InsayneWrapper
When I visit localhost/security I see the message
"These XAMPP pages are accessible through the network by anyone"
But inside xampp.conf I find
Code:
# New XAMPP security concept
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

Which to me seems like it should take care of that problem.
Is this normal? Otherwise what else might I do to fix this problem?

Re: Security issues

Posted: 02. January 2010 02:34
by Izzy
The 'new XAMPP security concept' prevents anyone outside your localhost or local network, defined by the Allow from directive, from accessing those files and folders mentioned in the LocationMatch directive.

The item covered in the \xampp\readme_en.txt file - A matter of security (A MUST READ!) - covers anyone accessing XAMPP's directories and files, even those who are on your localhost and your local network, unless they know the user/pass combo you set. It is recommended to implement this feature and to keep the new security concept feature enabled; both are included in XAMPP and, if implemented, will enhance security.


More helpful reading for new XAMPP users:
http://www.apachefriends.org/en/xampp-windows.html
http://www.apachefriends.org/en/faq-xampp-windows.html
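
Added example, not part of the thread and not XAMPP's own code: a Python sketch that evaluates the LocationMatch block quoted in the first post for a given client address and path, showing that loopback and private-LAN clients pass while other addresses get the 403. The function names are hypothetical, the client IPs in the test are constructed, and only IP/CIDR entries in Allow from are modelled.

```python
import ipaddress
import re

# The block from xampp.conf as quoted in the first post.
XAMPP_CONF = r'''
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
'''

def allowed_networks(conf=XAMPP_CONF):
    """Parse every 'Allow from' entry, joining backslash-continued lines first."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf)
    nets = []
    for line in joined.splitlines():
        m = re.match(r"\s*Allow\s+from\s+(.*)", line, re.IGNORECASE)
        if m:
            # Assumption: entries are plain IPs or CIDR ranges, as in this block.
            nets += [ipaddress.ip_network(t, strict=False) for t in m.group(1).split()]
    return nets

def is_protected(path, conf=XAMPP_CONF):
    """True if the request path is covered by the LocationMatch regex."""
    pattern = re.search(r'<LocationMatch\s+"([^"]+)"', conf).group(1)
    return re.search(pattern, path) is not None

def decide(client_ip, path, conf=XAMPP_CONF):
    """Return 'not covered', 'allow' or '403' for one request."""
    if not is_protected(path, conf):
        return "not covered"
    addr = ipaddress.ip_address(client_ip)
    # Order deny,allow with 'Deny from all': only an Allow match gets through.
    return "allow" if any(addr in net for net in allowed_networks(conf)) else "403"

if __name__ == "__main__":
    # Constructed sample clients: loopback, LAN, link-local, public (TEST-NET-3).
    for ip in ("127.0.0.1", "192.168.1.50", "fe80::1", "203.0.113.7"):
        print(f"{ip:15} /security/ -> {decide(ip, '/security/')}")
```
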

Re: Security issues

Posted: 02. January 2010 03:36
by InsayneWrapper
Ah well if I trust them enough to be on my network I suppose they can look at my local server lol.
I didn't realize it was talking about my local network, sorry, thanks for the response!

Re: Security issues

Posted: 26. January 2010 22:58
by cube
Hi,

I can see all the features/pages of xampp, including server-info, server-status, but not webalizer. When trying to get to that I get the "Security Concept" message above.

Why will the settings not work for one directory, but work fine for all the others?

Thanks

Re: Security issues

Posted: 27. January 2010 10:04
by cube
Seems a reboot sorted me out!