Apache Friends Support Forum

I go to mysite.com/phpmyadmin and see:

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

Ok, so i go to my vps, and go to mysite.com/phpmyadmin

result:

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

So i try put localhost/phpmyadmin and retur an error Object don't finded! D:

So i think that apache was off or maibe the vps ip was wrong, so i go to url localhost and mozilla open my site :X

how can i allow extern access (or internal access) by httpd-xampp.conf?

Which version of XAMPP are you using?

the "httpd-xampp.conf" file is in" xampp/apache/conf/extra"

You should be aware of the security implications of opening web control applications to the open internet before doing so.

That said, the part you would need to modify would be this one at the end of the config file:

Code: Select all

# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

@hackattack142
The reason I asked for the XAMPP version is that this 'New Security Concept" is not the same in all versions.

It is also clear from the error message which file the error relates.

Also missing is how you propose to offer what needs to be modified to allow access to phpMyAdmin from a domain name or an IP associated with that domain name and to leave the rest of the secure settings intact.


@antharaz
When you let me know which XAMPP version you use then I will provide a secure method of editing the httpd-xampp.conf file so the least amount of security is lost.

Remember also that XAMPP is not meant to be used in a production server as there are many security holes that are in place so that developers can develop without too much trouble at localhost level.

my bad, i was not aware of the inconsistency between versions.

If I was going to change it, I would probably do something like this:

Code: Select all

# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
<LocationMatch "^/(?i:(?:phpmyadmin))">
    Order deny,allow
    Deny from all
    Allow from mysite.com ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

or this (with xxx.xxx.xxx.xxx the external IP you want to allow)

Code: Select all

## Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
<LocationMatch "^/(?i:(?:phpmyadmin))">
    Order deny,allow
    Deny from all
    Allow from xxx.xxx.xxx.xxx ::1 127.0.0.0/8
    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

My xampp version is 1.7.4, but i installed 1.7.5-beta and it's solved...

thanks you all :*