Page 1 of 1

Forbidden access - New XAMPP security concept

PostPosted: 16. May 2013 16:39
by DeVrije
After installing XAMPP version 1.8.1 and starting APACHE and MySQL, I entered the webaddress 'localhost/xampp'. Directly I got the following error (in DUTCH):

Toegang verboden!
Nieuwe XAMPP beveiliging concept:
Toegang tot het gevraagde object is alleen beschikbaar in het lokale netwerk.
Deze instelling kan worden geconfigureerd in het bestandhttpd-xampp.conf".

What I have:
- Windows 8 running under 64-bit
- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

What I have modified:
- In file 'httpd.conf':
* DocumentRoot "D:/Server"
* <Directory "D:/Server">
* Alias /xampp "C:/xampp/htdocs/xampp"

Plaese be realized, that all my local websites WITHOUT using MySQL are STILL running FINE!

Further all my local websites USING MySQL are working FINE at my another laptop running under Windows 7 64-bit, but under the OTHER version which has been installed about 2 years ago!

Who can help me with the abovementioned problem?

Re: Forbidden access - New XAMPP security concept

PostPosted: 06. February 2014 11:56
by xeesus
I know this topic is a bit older by now and DeVrije has probably found a solution, but I just ran into the exact same problem and wanted to post a solution here for me and others to find in the future. Other solutions available throughout the internet with the exact same error message but concerning the localhost/phpmyadmin URI don't help in this case.

This issue occurs when you move your document root away from the default path, e.g. C:/xampp/htdocs/ (Windows) or /opt/lampp/htdocs/ (Linux), via the "DocumentRoot" setting in etc/httpd.conf, and still set an alias for the original htdocs/xampp folder via an Alias setting in the <IfModule alias_module> section in that same file. After doing so, http://localhost/xampp will not be reachable, displaying the above-mentioned 403 error, while http://localhost/phpmyadmin, http://localhost/ and other URIs work just fine.

Hence, the solution:

In etc/extra/httpd-xampp.conf add something like this (e.g. at the end)
- for XAMPP on Linux:
Code: Select all
<Directory "/opt/lampp/htdocs/xampp">
    AllowOverride AuthConfig Limit
    Require all granted

- for XAMPP on Windows:
Code: Select all
<Directory "C:/xampp/htdocs/xampp">
    AllowOverride AuthConfig Limit
    Require all granted

Then restart XAMPP. Of course, adjust the paths accordingly if your installation paths differ.

Looking at the <LocationMatch> section below "# New XAMPP security concept" in etc/extra/httpd-xampp.conf, you might want to add similar <Directory> sections for other special URIs such as http://localhost/webalizer, http://localhost/security and others when needed. http://localhost/phpmyadmin already has such a section in etc/extra/httpd-xampp.conf, that's why it remained working in the first place.

Hope that helps someone. :)