Page 1 of 1

Ideas about security for XAMPP/phpmyadmin etc.

PostPosted: 18. April 2004 23:45
by janfokko
XAMPP is alive and kicking, Apache2 is listening to my world-wide accessible port 81 and 82. I use port 80 for accessing the XAMPP interface via my LAN.

All's cool so far :)

The downside is that myphpadmin, webalizer etc. (/ aliases) are also world-wide accessible via the sites running behind port 81 and 82. This is defenitely NOT cool :(

Should I move the phpmyadmin, webalizer etc. dir's to the location of 'htdocs', so it's part of port 80 host? or ...?

Anyone got an idea about how to grant access to these aliases only when accessed via port 80/LAN?

Ps: I am not very font of .htaccess and .htpasswd solutions.

PostPosted: 19. April 2004 00:14
by Wiedmann
Are you using virtual hosts?

Then, you can put myphpadmin, webalizer... in the "VirtualHost"-part from the site running at port 80 and not in the mainconfig.

Or limit the access to your home ip range:

Order Allow,Deny
Allow from
Allow from
Deny from

( is the IP from the router)

PostPosted: 19. April 2004 08:27
by janfokko
Got it fixed now, thanks.

PostPosted: 20. April 2004 15:12
by MAGnUm
well to answer even though you fixed it... move them to htdocs and .htaccess them.

PostPosted: 20. April 2004 15:26
by janfokko
MAGnUm wrote:well to answer even though you fixed it... move them to htdocs and .htaccess them.

:) Like I said: I'm NOT very font of .htaccess solutions

PostPosted: 20. April 2004 15:39
by MAGnUm
i read that, but it is still the most simple method, if you ever plan on being able to do anything with phpmyadmin while outside your local net. if in fact you only want to do stuff on your local network disable the phpmyadmin in httpd.conf and use the gui tool or cmd line. or there is a script somewhere that makes you login into phpmyadmin (google: login to phpmyadmin) or write your own.