[help D:] New XAMPP security concept

Problems with the Windows version of XAMPP, questions, comments, and anything related.

[help D:] New XAMPP security concept

Postby antharaz » 06. August 2011 19:31

I go to mysite.com/phpmyadmin and see:

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".


Ok, so i go to my vps, and go to mysite.com/phpmyadmin

result:

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".


So i try put localhost/phpmyadmin and retur an error Object don't finded! D:

So i think that apache was off or maibe the vps ip was wrong, so i go to url localhost and mozilla open my site :X

how can i allow extern access (or internal access) by httpd-xampp.conf?
antharaz
 
Posts: 4
Joined: 05. August 2011 15:35

Re: [help D:] New XAMPP security concept

Postby Sharley » 07. August 2011 03:13

Which version of XAMPP are you using?
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: [help D:] New XAMPP security concept

Postby hackattack142 » 07. August 2011 03:55

the "httpd-xampp.conf" file is in" xampp/apache/conf/extra"

You should be aware of the security implications of opening web control applications to the open internet before doing so.

That said, the part you would need to modify would be this one at the end of the config file:

Code: Select all
# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
XAMPP Control Panel Developer
Latest CP: viewtopic.php?f=16&t=48932
hackattack142
 
Posts: 703
Joined: 20. May 2011 23:29
Operating System: Windows 7 Ultimate SP1 64-Bit

Re: [help D:] New XAMPP security concept

Postby Sharley » 07. August 2011 04:49

@hackattack142
The reason I asked for the XAMPP version is that this 'New Security Concept" is not the same in all versions.

It is also clear from the error message which file the error relates.

Also missing is how you propose to offer what needs to be modified to allow access to phpMyAdmin from a domain name or an IP associated with that domain name and to leave the rest of the secure settings intact.


@antharaz
When you let me know which XAMPP version you use then I will provide a secure method of editing the httpd-xampp.conf file so the least amount of security is lost.

Remember also that XAMPP is not meant to be used in a production server as there are many security holes that are in place so that developers can develop without too much trouble at localhost level.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: [help D:] New XAMPP security concept

Postby hackattack142 » 07. August 2011 05:34

my bad, i was not aware of the inconsistency between versions.

If I was going to change it, I would probably do something like this:

Code: Select all
# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
<LocationMatch "^/(?i:(?:phpmyadmin))">
    Order deny,allow
    Deny from all
    Allow from mysite.com ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


or this (with xxx.xxx.xxx.xxx the external IP you want to allow)

Code: Select all
## Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
<LocationMatch "^/(?i:(?:phpmyadmin))">
    Order deny,allow
    Deny from all
    Allow from xxx.xxx.xxx.xxx ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
XAMPP Control Panel Developer
Latest CP: viewtopic.php?f=16&t=48932
hackattack142
 
Posts: 703
Joined: 20. May 2011 23:29
Operating System: Windows 7 Ultimate SP1 64-Bit

Re: [help D:] New XAMPP security concept

Postby antharaz » 07. August 2011 08:19

My xampp version is 1.7.4, but i installed 1.7.5-beta and it's solved...

thanks you all :*
antharaz
 
Posts: 4
Joined: 05. August 2011 15:35


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 64 guests