
Enable PhpMyAdmin ONLY for localhost access

Posted: 08. February 2014 13:23
by bruce2012
Team, I have tried to do this for the last 24 hours. I tried different methods and I cannot get it working. I also caused lots of error messages on the server. :( I found the following 2 posts:
1) http://community.apachefriends.org/f/viewtopic.php?f=17&t=51854&sid=e52c3dd3cd297810d24a0804fd42cd82
2) http://community.apachefriends.org/f/viewtopic.php?f=3&t=50969

I am using XAMPP 1.8.1. I think that this is the right solution. But I do not understand the solution very well.
1: German Language
2: What do the following IPs mean? I know that localhost is 127.0.0.1, but why are there other IPs? I just want to open phpMyAdmin from the local server/localhost ONLY. No access allowed from outside my local network/local XAMPP server. Do I need the other IPs?

::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

Here is my current New XAMPP security concept:

Code:

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
   Order deny,allow
   Deny from all
   Allow from all
   Allow from ::1 127.0.0.0/8 \
      fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
      fe80::/10 169.254.0.0/16

   ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>



Do I need to use the following code as the replacement?

Code:

#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
   <RequireAny>
    Require ip ::1 127.0.0.0/8 \
      fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
      fe80::/10 169.254.0.0/16
   </RequireAny>
   ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>



Thank you for helping!

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 08. February 2014 13:33
by bruce2012
FYI - here is the code that you may need to see.

Code:

   </Directory>

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    <Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig
        Require all granted
    </Directory>



Thank you!

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 08. February 2014 15:19
by Altrea
Hi bruce2012,

bruce2012 wrote: 2: What do the following IPs mean? I know that localhost is 127.0.0.1

localhost is just a domain name and can be anything, but by default it will resolve to ::1 (IPv6) and 127.0.0.1 (IPv4).

bruce2012 wrote: but why are there other IPs?

The other IPs define the private areas of IPv4 and IPv6 local networks.

bruce2012 wrote: I just want to open phpMyAdmin from the local server/localhost ONLY. No access allowed from outside my local network/local XAMPP server. Do I need the other IPs?

All these IPs are INSIDE your local network, but maybe you don't need them. That depends on whether you want to access the sensitive XAMPP sites from other local network devices or not.

bruce2012 wrote: Here is my current New XAMPP security concept:

Code:

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
   Order deny,allow
   Deny from all
   Allow from all
   Allow from ::1 127.0.0.0/8 \
      fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
      fe80::/10 169.254.0.0/16

   ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>


That is very bad. That "Allow from all" rule will grant access for ANY request. That is not what you want (and it is not recommended to leave it at this setting).
If you just want to access it from your very local computer, there is an easy setting you can use.
Change the whole new security concept part to this:

Code:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
   <RequireAny>
      Require local
   </RequireAny>

   ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>


That will grant access from 127.0.0.1, ::1 and the LAN IP of your XAMPP server, nothing else.

best wishes,
Altrea
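The difference between the three rule sets discussed above, as an added example that is not part of the original posts: a small Python model of which client addresses each one admits. The server address 192.168.1.10 and the sample clients are constructed for illustration, and the functions only model the documented matching rules; they do not read an Apache configuration.

```python
import ipaddress

# CIDR ranges from the "Allow from" / "Require ip" lines quoted in the thread.
PRIVATE_LIST = [ipaddress.ip_network(n) for n in (
    "::1/128", "127.0.0.0/8", "fc00::/7", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "fe80::/10", "169.254.0.0/16")]

LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


def _in_any(addr, networks):
    # Membership is only meaningful within the same IP version.
    return any(addr.version == n.version and addr in n for n in networks)


def allow_from_all(client, server):
    """Order deny,allow + Deny from all + Allow from all: Allow is evaluated
    last and matches every client, so the narrower Allow line never matters."""
    return True


def require_ip_private(client, server):
    """Require ip with the loopback, private and link-local ranges."""
    return _in_any(ipaddress.ip_address(client), PRIVATE_LIST)


def require_local(client, server):
    """Require local: loopback client, or client and server address are the same."""
    c = ipaddress.ip_address(client)
    return _in_any(c, LOOPBACK) or c == ipaddress.ip_address(server)


def compare(clients, server):
    """Return {client: (allow_all, private_list, local)} for each sample client."""
    return {c: (allow_from_all(c, server), require_ip_private(c, server),
                require_local(c, server)) for c in clients}


# Constructed samples; 192.168.1.10 is the assumed LAN address of the XAMPP host.
SERVER = "192.168.1.10"
SAMPLES = ["127.0.0.1", "::1", "192.168.1.10", "192.168.1.55", "10.2.3.4",
           "fe80::1", "203.0.113.7"]

if __name__ == "__main__":
    print(f"{'client':<15} allow-all  private-list  local")
    for client, row in compare(SAMPLES, SERVER).items():
        print(f"{client:<15} " + "  ".join(f"{str(v):<10}" for v in row))
```

The rows for 192.168.1.55, 10.2.3.4 and fe80::1 show the practical difference: the private-range list admits every other device on the LAN, while `Require local` does not.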

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 08. February 2014 20:25
by bruce2012
Good morning Altrea, it is working perfectly now! :) I was desperate because I caused lots of Apache/SQL error messages yesterday. You saved my day! Thank you again!

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 12. February 2014 08:17
by bruce2012
Hello, I did some tests and it is working great! Thank you. Here is the error message that I got when I tried to access it from a non-local network.

Access Forbidden!
___________________________
New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".
__________________________

I only want to show "Access Forbidden!". I would like to hide the rest of the warning message. Could you please tell me how I can do this? Thank you!!

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 12. February 2014 10:02
by Altrea
Simply define a different ErrorDocument.

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 13. February 2014 04:16
by bruce2012
Altrea, thanks for pointing out the direction. Done! Have a great day!

Re: Enable PhpMyAdmin ONLY for localhost access

Posted: 13. February 2014 05:51
by Altrea
You are welcome 8)