XAMPP Security

Problems with the Windows version of XAMPP, questions, comments, and anything related.

XAMPP Security

Postby banberry » 20. May 2015 16:17

I went to the security page from the XAMPP admin and plugged in a User and Password. It replied it saved info to a couple directories. However, I expected a login screen whenever I access from other computers. It doesn't stop anything. The XAMPP admin says XAMPP is secure but I cannot tell. How can I test it's security.
banberry
 
Posts: 2
Joined: 20. May 2015 16:05
Operating System: windows 7

Re: XAMPP Security

Postby glitzi85 » 20. May 2015 23:12

What do you see when you access the XAMPP Host from another computer? The XAMPP site?
Does the file C:\xampp\htdocs\xampp\.htaccess exist? If yes, please post it.
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Security

Postby banberry » 28. May 2015 05:14

When I type in localhost I see the XAMPP Admin page. My htaccess in htdocs/xampp says...
AuthName "xampp user"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user

The AuthUserFile houses the credentials. I have two XAMPP setups. One at home and one at work. The one at home behaves differently. If I type in localhost/xampp directly I get the login dialog. However, if I just type in localhost it goes to the xampp admin page w/o a login. The work one doesnt ever show the login dialog no matter what I type. I would expect a login when you type localhost.

Is there a set of best practices on how to lock down xampp?

Also, I would like to turn off directory browsing.
banberry
 
Posts: 2
Joined: 20. May 2015 16:05
Operating System: windows 7

Re: XAMPP Security

Postby gsmith » 28. May 2015 07:07

banberry wrote:If I type in localhost/xampp directly I get the login dialog. However, if I just type in localhost it goes to the xampp admin page w/o a login. The work one doesnt ever show the login dialog no matter what I type. I would expect a login when you type localhost.

OK, I have a hard time believing this because this IS strange. That said http://localhost is redirected to http://localhost/xampp by the index.php file in /xampp/htdocs. So it's landing in the same place. If you've already logged in to http://localhost/xampp then it should not ask you again whichever URL you use.

Why one works differently than the other could be due to simply it's configured differently. It may be a very subtle difference at that.

banberry wrote:Also, I would like to turn off directory browsing.

http://httpd.apache.org/docs/2.4/mod/core.html#options
gsmith
 
Posts: 194
Joined: 29. November 2013 18:04
Location: San Diego
XAMPP version: 0.0.0
Operating System: Win XP to 2012R2/VS 6,9,11,14

Re: XAMPP Security

Postby gsmith » 29. May 2015 03:29

I should probably also mention that understanding how the config sections are merged and what overrides what is probably not a bad idea either.
http://httpd.apache.org/docs/2.4/mod/mo ... uthmerging
gsmith
 
Posts: 194
Joined: 29. November 2013 18:04
Location: San Diego
XAMPP version: 0.0.0
Operating System: Win XP to 2012R2/VS 6,9,11,14


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 68 guests