Page 1 of 1

New XAMPP security concept, from localhost? [Solved]

PostPosted: 15. July 2012 13:22
by theadamlt
Hi all,
after upgrade to 1.8.0 from 1.7.7 under Ubuntu 12.04, i am not able to open PHPMyAdmin.
Even though i am on localhost i get this error message:
Access forbidden!

New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

If you think this is a server error, please contact the webmaster.

Error 403

localhost
Apache/2.4.2 (Unix) OpenSSL/1.0.1c PHP/5.4.4


Does anyone have a solution.

Thank you in advance,
Adam

Re: New XAMPP security concept, from localhost?

PostPosted: 15. July 2012 18:03
by MrJxN
See: http://community.apachefriends.org/f/viewtopic.php?f=17&t=50902&p=196185#p196185

Re: New XAMPP security concept, from localhost?

PostPosted: 15. July 2012 18:10
by JonB
I just upgraded a Fedora 16 VM that had a pure vanilla 1.7.7 LAMPP and got the same 'Security concept error after the upgrade. This appears to be related to another previous issue on 1.7.7 - I suspect the response you get depends on the level of the user.
viewtopic.php?f=17&t=50902
<thanks to Dookan>

Solution:
Edit /opt/lampp/etc/extra/httpd-xampp.conf
Find -
<Directory "/opt/lampp/phpmyadmin">

add this line: Require all granted

Should look about like this:
Code: Select all
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpMyAdmin-3.4.5-english">
    AllowOverride AuthConfig Limit
    Require all granted
    Order allow,deny
    Allow from all
</Directory>


This should work to fix your issue. Now I just have to understand 'why' its only needed for phpMyAdmin! :shock: AND - find out what else is jiggered...

Good Luck
8)

Re: New XAMPP security concept, from localhost?

PostPosted: 15. July 2012 19:32
by Altrea
JonB wrote:Should look about like this:
Code: Select all
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpMyAdmin-3.4.5-english">
    AllowOverride AuthConfig Limit
    Require all granted
    Order allow,deny
    Allow from all
</Directory>

Just one comment from me:
Try to just use "Require all granted" and remove the lines "Order allow,deny" and "Allow from all".

Require all granted is new style, the other two lines are old style.
Both together should not be needed.

more to read:
http://httpd.apache.org/docs/2.4/mod/mo ... ml#require
http://httpd.apache.org/docs/2.4/mod/mo ... ompat.html
http://httpd.apache.org/docs/trunk/upgr ... l#run-time

For users who want to have more than one auth method and want to satisfy any, something like this is also possible:
Code: Select all
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpMyAdmin-3.4.5-english">
    AllowOverride AuthConfig Limit
    <RequireAny>
        Require all granted
        #here your other auth check, like LDAP group or SSL cert
    </RequireAny>
</Directory>


The auth block of the new security concept should also be changed to new style i think.
I have described one possible (untested) version here: viewtopic.php?f=3&t=50969#p196209

best wishes,
Altrea

Re: New XAMPP security concept, from localhost?

PostPosted: 20. July 2012 11:12
by petergo
(context: lampp 1.8.0, ubuntu 12.04 as guest on Windows 7, bridged net interface)

When you can't get access to phpmyadmin even from localhost, which was my case, don't forget about the default setttings for security (/opt/lampp/lampp security).
Unless you start protecting you lampp (xampp) from there, none of the settings in httpd-xampp.conf, as described in solutions on this Forum, work.

Took me some time to realize it, as I normally only test on local machine and do not bother with security settings...

regds.

Peter Go.

Re: New XAMPP security concept, from localhost?

PostPosted: 26. July 2012 15:11
by danlucier
When you can't get access to phpmyadmin even from localhost, which was my case, don't forget about the default setttings for security (/opt/lampp/lampp security).
Unless you start protecting you lampp (xampp) from there, none of the settings in httpd-xampp.conf, as described in solutions on this Forum, work.


Thank you. That's what I was missing. To setup security (in Linux at least):

Code: Select all
sudo /opt/lampp/lampp security


Then follow prompts to create passwords. After that, I was finally able to access phpMyAdmin.

Cheers,

Dan Lucier

Re: New XAMPP security concept, from localhost? [Solved]

PostPosted: 27. July 2012 14:34
by cpighin
:) I experienced similar problem with a dual boot pc, Win XP and Ubuntu 11.04, both with XAMPP.

In both systems I have not set security passwords; in Ubuntu I had Error 403, forbidden access, when attempting to access PhpMyAdmin page, while I had no problem with XAMPP installed in Win XP.

Now I solved the issue thanks to this discussion :D

For those who will have same problems, this is what I did:

    - I edited section "since XAMPP 1.4.3" of /opt/lampp/etc/extra/httpd-xampp.conf from this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Order allow,deny
        Allow from all
    </Directory>

    to this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Require all granted
    </Directory>

    (lines "Order allow,deny" and "Allow from all" were cancelled and the new one "Require all granted" was inserted)

    - I restarted XAMPP with command "/opt/lampp/lampp start" and the issue was solved

Claudio :)

Re: New XAMPP security concept, from localhost? [Solved]

PostPosted: 14. May 2013 14:29
by baklazanek
cpighin wrote::) I experienced similar problem with a dual boot pc, Win XP and Ubuntu 11.04, both with XAMPP.

In both systems I have not set security passwords; in Ubuntu I had Error 403, forbidden access, when attempting to access PhpMyAdmin page, while I had no problem with XAMPP installed in Win XP.

Now I solved the issue thanks to this discussion :D

For those who will have same problems, this is what I did:

    - I edited section "since XAMPP 1.4.3" of /opt/lampp/etc/extra/httpd-xampp.conf from this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Order allow,deny
        Allow from all
    </Directory>

    to this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Require all granted
    </Directory>

    (lines "Order allow,deny" and "Allow from all" were cancelled and the new one "Require all granted" was inserted)

    - I restarted XAMPP with command "/opt/lampp/lampp start" and the issue was solved

Claudio :)


Thanks alot,i had no ideas how to solve it. :wink:

Re: New XAMPP security concept, from localhost? [Solved]

PostPosted: 18. November 2013 21:45
by albade
thanks for everyone whose given the solution .. that's inspiring

Re: New XAMPP security concept, from localhost? [Solved]

PostPosted: 14. March 2014 14:02
by Blauwahl
"Thank you. That's what I was missing. To setup security (in Linux at least): sudo /opt/lampp/lampp security
Then follow prompts to create passwords. After that, I was finally able to access phpMyAdmin."


It worked. Thank you! As Peter Go and Dan Lucier pointed out, changing the default settings for security (i.e. from no security to password protection) will work without making changes to the httpd-xampp.conf file.

Blauwahl :)

Re: New XAMPP security concept, from localhost? [Solved]

PostPosted: 15. August 2017 05:15
by xoristzatziki
The new debian (and all derivations) idea is to add to hosts a 127.0.1.1 host with your PC name . This "new" host is still a localhost. Xampp installs applications in 127.0.1.1 which is neither a localhost nor a 127.0.0.1 which is expected by xampp apps to work properly. This is a xampp installation issue. The apachefriends (or the bitnami installation app) should solve this issue as soon as possible, since all above mentioned tricks do not solve the problem but rather open more security holes.

Re: New XAMPP security concept, from localhost? [Solved]

PostPosted: 15. August 2017 10:45
by Nobbie
xoristzatziki wrote:Xampp installs applications in 127.0.1.1 which is neither a localhost nor a 127.0.0.1 which is expected by xampp apps to work properly. This is a xampp installation issue.


That is plain nonsense, Xampp neither "installs" anything to any IP, nor expects any certain IPs. Xampp listens to Port 80 on ALL IPs and ServerName is set to localhost (see httpd.conf for detailed information) - thats it. And everything else is configured by your Operating System (i.e. /etc/hosts etc.). So if you are unhappy with your local DNS and Servername, you have to setup your PC properly.