Apache Friends Support Forum

[XAMPP Noob]

I've been trying to restrict access to 127.0.0.1 for hours now with no success. I've tried both in httpd.conf and .htaccess. No dice. I know .htaccess i working, as it's controlling access to my XAMPP directory under htdocs. And I know that httpd.conf is working because when I try to restrict access to localhost, it denies me access.

Here are the relevant portions of the apache httpd.conf file.

Code: Select all

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName localhost:80

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/xampp/htdocs"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features. 
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/xampp/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks Includes ExecCGI

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #

    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    #
</Directory>


I also have "Listen 80" (default setting from XAMPP installation).

I'm hoping that I'm missing something really obvious here, but I could really use some help here.

[XAMPP Noob]

Thanks Wole, I tried that earlier, and it does indeed work so long as I removed this code here:

Code: Select all

 Order deny,allow
    Deny from all
    Allow from 127.0.0.1

... and replace it with this:

Code: Select all

    Order deny,allow
    Allow from all

If the server is only listening to localhost connections, does that have the same effect as denying all connections from other ip's as I was trying to do?

Do you know why the "order deny,allow" approach is not working? I've done my googling and multiple sources say this is the correct code, but it's not working. Could there be something else wrong? Is there a mod. not enabled perhaps?

Thanks.