Accessing XMAPP from a remote computer (XP) 1.7.7 [SOLVED]

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Accessing XMAPP from a remote computer (XP) 1.7.7 [SOLVED]

Postby cdelorm » 21. October 2011 20:46

I am trying to set up xampp to allow me to access the application from other computers. I think I am close to having things set up properly...however, I am running into an issue.

When I try to access xampp from another computer using the IP address for the computer with xmapp installed, I get the access forbidden error many others also get (below).

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".


I was also getting the same error when trying to access xampp using the IP address on the computer where I installed xampp.

To allow access from anything, someone recommended that I delete everything below from the \xampp\conf\extra\httpd-xampp.conf file:

#
# New XAMPP security concept
#

# Close XAMPP security section here
<LocationMatch "^/(?i:(?:security))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

This worked when I did it, however, I am concerned about security vulnerability. So, my next thought was to try to enable access to the IP address as well...so I added (see red)

#
# New XAMPP security concept
#

# Close XAMPP security section here
<LocationMatch "^/(?i:(?:security))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8
Allow from ::1 xxx.xxx.x.xxx (the computer's IP address)
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

When I did this, I was able to open xampp by typing either localhost or the IP address from the computer where xampp is installed. However, I still get the forbidden access error from another computer.

What do you recommend I do to allow access from another computer while limiting security risks?

Thank you!

Caprice
cdelorm
 
Posts: 11
Joined: 19. October 2011 04:14
Operating System: Windows XP

Re: Accessing XMAPP from a remote computer

Postby cdelorm » 21. October 2011 21:01

One update...I changed the following:

Allow from ::1 xxx.xxx.x.xxx (the computer's IP address...I changed this line from using the xampp installed IP address to the remote computer IP address)

This worked. I can now access xampp from the remote computer when I type the IP address of the computer with xampp in the address bar.

Is this the recommended way to make this work so that security is as strong as possible?

Thanks!

Caprice
cdelorm
 
Posts: 11
Joined: 19. October 2011 04:14
Operating System: Windows XP

Re: Accessing XMAPP from a remote computer

Postby Altrea » 21. October 2011 21:29

Hi cdelorm,

Thank you for the detailed description. This is really helpful :)

cdelorm wrote:To allow access from anything, someone recommended that I delete everything below from the \xampp\conf\extra\httpd-xampp.conf file:


Don't follow everything which "someone" recommended. The security concept is not implemented for nuts. The sense behind this concept is to protect the very sensitive parts of your XAMPP from others. If you have full access to the server XAMPP is running on, there is no reason to deactivate or change the security concept.
All folders and files you place inside htdocs are NOT affected by the security concept, just the XAMPP Administration page (XAP), where all security relevant changes are made.

cdelorm wrote:This worked when I did it, however, I am concerned about security vulnerability.

correct. Security is an important thing for servers i think :D

cdelorm wrote:So, my next thought was to try to enable access to the IP address as well...so I added (see red)
#
# New XAMPP security concept
#

# Close XAMPP security section here
<LocationMatch "^/(?i:(?:security))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8
Allow from ::1 xxx.xxx.x.xxx (the computer's IP address)
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


three things:
1) you don't need to place ::1 before your IP-Address. ::1 is just the short notation for the IPv6 self loopback
2) if you want to add more than 1 IP addresse to the Allow from rule, just add them with a space right after the last one, or end a line with a backslash "\" and you can write directly in the next line.
3) Why is your Deny from all rule commented out by a #?
4) Why two blocks? is the security part so much more sensitive from your own IP then the other parts?

cdelorm wrote:Is this the recommended way to make this work so that security is as strong as possible?

Follow my four hints and we will get a step further :D
So why not this simple block:

Code: Select all
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|security]webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 xxx.xxx.x.xxx
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8293
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Accessing XMAPP from a remote computer

Postby Sharley » 22. October 2011 00:14

4) Why two blocks? is the security part so much more sensitive from your own IP then the other parts?
In the default 1.7.7 httpd-xampp.conf that section is now split in to 2 separate sections so that 127.0.0.1 only has access to the security folder and denies access from the LAN.
The second section will allow access to those other server sensitive folders from the LAN only.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: Accessing XMAPP from a remote computer

Postby cdelorm » 22. October 2011 01:31

Thank you both for your replies. I apologize, I made one error. The Deny All did not have the "#" in front in what I ended up doing. What I currently have is below:

# Close XAMPP security section here
<LocationMatch "^/(?i:(?:security))">
Order deny,allow
Deny from all
Allow from ::127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8
Allow from ::1 xxx.xxx.x.xxx (IP address of computer with xampp)
Allow from ::1 yyy.yyy.y.yyy (IP address of computer with xampp)
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


I believe the recommended solution is:


# Close XAMPP security section here
<LocationMatch "^/(?i:(?:security))">
Order deny,allow
Deny from all
Allow from ::127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

# Close XAMPP sites here
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 xxx.xxx.x.xxx yyy.yyy.y.yyy (x & y being the IP addresses of computer with xampp and remote computer)

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>


Did I follow your recommendations as intended? Is what I had in place basically the same (just curious for learning purposes...I tested putting all of the IP addresses on one line and it works)? Would I need to add another IP if we add another computer to the network and want to connect to xampp from there?

Thank you! :wink:

Caprice
cdelorm
 
Posts: 11
Joined: 19. October 2011 04:14
Operating System: Windows XP

Re: Accessing XMAPP from a remote computer

Postby Sharley » 22. October 2011 01:43

Hello Caprice.
You could replace that last section with this part which covers all the bases using CIDR (Classless Inter-Domain Routing) then you should not have to add any future local addresses.
Code: Select all
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16
A useful online calculator can be found here:
http://www.subnet-calculator.com/cidr.php

Best wishes. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: Accessing XMAPP from a remote computer

Postby Altrea » 22. October 2011 08:28

Sharley wrote:n the default 1.7.7 httpd-xampp.conf that section is now split in to 2 separate sections so that 127.0.0.1 only has access to the security folder and denies access from the LAN.
The second section will allow access to those other server sensitive folders from the LAN only.

Thank you Sharley, didn't see that before :D
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8293
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Accessing XMAPP from a remote computer

Postby cdelorm » 24. October 2011 20:33

Thank you for the additional information Sharley, and for the link. Much appreciated!

~ Caprice
cdelorm
 
Posts: 11
Joined: 19. October 2011 04:14
Operating System: Windows XP

Re: Accessing XMAPP from a remote computer

Postby Sharley » 24. October 2011 20:52

Caprice, your most welcome and thanks for the feedback. 8)

Best wishes. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 69 guests