Ideas about security for XAMPP/phpmyadmin etc.

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Ideas about security for XAMPP/phpmyadmin etc.

Postby janfokko » 18. April 2004 23:45

XAMPP is alive and kicking, Apache2 is listening to my world-wide accessible port 81 and 82. I use port 80 for accessing the XAMPP interface via my LAN.

All's cool so far :)

The downside is that myphpadmin, webalizer etc. (/ aliases) are also world-wide accessible via the sites running behind port 81 and 82. This is defenitely NOT cool :(

Should I move the phpmyadmin, webalizer etc. dir's to the location of 'htdocs', so it's part of port 80 host? or ...?

Anyone got an idea about how to grant access to these aliases only when accessed via port 80/LAN?

Ps: I am not very font of .htaccess and .htpasswd solutions.
janfokko
 
Posts: 3
Joined: 18. April 2004 23:29
Location: Netherlands

Postby Wiedmann » 19. April 2004 00:14

Are you using virtual hosts?

Then, you can put myphpadmin, webalizer... in the "VirtualHost"-part from the site running at port 80 and not in the mainconfig.

Or limit the access to your home ip range:

Order Allow,Deny
Allow from 192.168.0.0/255.255.255.0
Allow from 127.0.0.1
Deny from 192.168.0.2

(192.168.0.2 is the IP from the router)
Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby janfokko » 19. April 2004 08:27

Got it fixed now, thanks.
janfokko
 
Posts: 3
Joined: 18. April 2004 23:29
Location: Netherlands

Postby MAGnUm » 20. April 2004 15:12

well to answer even though you fixed it... move them to htdocs and .htaccess them.
~~:M A G n U m:~~
(Disclaimer: if any of this info is confusing or vague tough, its free!!)
User avatar
MAGnUm
 
Posts: 151
Joined: 16. October 2003 18:08
Location: USA

Postby janfokko » 20. April 2004 15:26

MAGnUm wrote:well to answer even though you fixed it... move them to htdocs and .htaccess them.


:) Like I said: I'm NOT very font of .htaccess solutions
janfokko
 
Posts: 3
Joined: 18. April 2004 23:29
Location: Netherlands

Postby MAGnUm » 20. April 2004 15:39

i read that, but it is still the most simple method, if you ever plan on being able to do anything with phpmyadmin while outside your local net. if in fact you only want to do stuff on your local network disable the phpmyadmin in httpd.conf and use the gui tool or cmd line. or there is a script somewhere that makes you login into phpmyadmin (google: login to phpmyadmin) or write your own.
~~:M A G n U m:~~
(Disclaimer: if any of this info is confusing or vague tough, its free!!)
User avatar
MAGnUm
 
Posts: 151
Joined: 16. October 2003 18:08
Location: USA


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 40 guests