New XAMPP security concept, from localhost? [Solved]

Problems with the Linux version of XAMPP, questions, comments, and anything related.

New XAMPP security concept, from localhost? [Solved]

Postby theadamlt » 15. July 2012 13:22

Hi all,
after upgrade to 1.8.0 from 1.7.7 under Ubuntu 12.04, i am not able to open PHPMyAdmin.
Even though i am on localhost i get this error message:
Access forbidden!

New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

If you think this is a server error, please contact the webmaster.

Error 403

localhost
Apache/2.4.2 (Unix) OpenSSL/1.0.1c PHP/5.4.4


Does anyone have a solution.

Thank you in advance,
Adam
theadamlt
 
Posts: 1
Joined: 13. August 2011 23:24

Re: New XAMPP security concept, from localhost?

Postby MrJxN » 15. July 2012 18:03

See: http://community.apachefriends.org/f/viewtopic.php?f=17&t=50902&p=196185#p196185
MrJxN
 
Posts: 3
Joined: 14. July 2012 21:41
Operating System: Ubuntu12 thru VirtualBox on W7

Re: New XAMPP security concept, from localhost?

Postby JonB » 15. July 2012 18:10

I just upgraded a Fedora 16 VM that had a pure vanilla 1.7.7 LAMPP and got the same 'Security concept error after the upgrade. This appears to be related to another previous issue on 1.7.7 - I suspect the response you get depends on the level of the user.
viewtopic.php?f=17&t=50902
<thanks to Dookan>

Solution:
Edit /opt/lampp/etc/extra/httpd-xampp.conf
Find -
<Directory "/opt/lampp/phpmyadmin">

add this line: Require all granted

Should look about like this:
Code: Select all
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpMyAdmin-3.4.5-english">
    AllowOverride AuthConfig Limit
    Require all granted
    Order allow,deny
    Allow from all
</Directory>


This should work to fix your issue. Now I just have to understand 'why' its only needed for phpMyAdmin! :shock: AND - find out what else is jiggered...

Good Luck
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: New XAMPP security concept, from localhost?

Postby Altrea » 15. July 2012 19:32

JonB wrote:Should look about like this:
Code: Select all
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpMyAdmin-3.4.5-english">
    AllowOverride AuthConfig Limit
    Require all granted
    Order allow,deny
    Allow from all
</Directory>

Just one comment from me:
Try to just use "Require all granted" and remove the lines "Order allow,deny" and "Allow from all".

Require all granted is new style, the other two lines are old style.
Both together should not be needed.

more to read:
http://httpd.apache.org/docs/2.4/mod/mo ... ml#require
http://httpd.apache.org/docs/2.4/mod/mo ... ompat.html
http://httpd.apache.org/docs/trunk/upgr ... l#run-time

For users who want to have more than one auth method and want to satisfy any, something like this is also possible:
Code: Select all
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpMyAdmin-3.4.5-english">
    AllowOverride AuthConfig Limit
    <RequireAny>
        Require all granted
        #here your other auth check, like LDAP group or SSL cert
    </RequireAny>
</Directory>


The auth block of the new security concept should also be changed to new style i think.
I have described one possible (untested) version here: viewtopic.php?f=3&t=50969#p196209

best wishes,
Altrea
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: New XAMPP security concept, from localhost?

Postby petergo » 20. July 2012 11:12

(context: lampp 1.8.0, ubuntu 12.04 as guest on Windows 7, bridged net interface)

When you can't get access to phpmyadmin even from localhost, which was my case, don't forget about the default setttings for security (/opt/lampp/lampp security).
Unless you start protecting you lampp (xampp) from there, none of the settings in httpd-xampp.conf, as described in solutions on this Forum, work.

Took me some time to realize it, as I normally only test on local machine and do not bother with security settings...

regds.

Peter Go.
petergo
 
Posts: 1
Joined: 20. July 2012 08:10
Operating System: linux/ubuntu;windows 7

Re: New XAMPP security concept, from localhost?

Postby danlucier » 26. July 2012 15:11

When you can't get access to phpmyadmin even from localhost, which was my case, don't forget about the default setttings for security (/opt/lampp/lampp security).
Unless you start protecting you lampp (xampp) from there, none of the settings in httpd-xampp.conf, as described in solutions on this Forum, work.


Thank you. That's what I was missing. To setup security (in Linux at least):

Code: Select all
sudo /opt/lampp/lampp security


Then follow prompts to create passwords. After that, I was finally able to access phpMyAdmin.

Cheers,

Dan Lucier
danlucier
 
Posts: 1
Joined: 26. July 2012 15:06
Operating System: Bodhi Linux 2

Re: New XAMPP security concept, from localhost? [Solved]

Postby cpighin » 27. July 2012 14:34

:) I experienced similar problem with a dual boot pc, Win XP and Ubuntu 11.04, both with XAMPP.

In both systems I have not set security passwords; in Ubuntu I had Error 403, forbidden access, when attempting to access PhpMyAdmin page, while I had no problem with XAMPP installed in Win XP.

Now I solved the issue thanks to this discussion :D

For those who will have same problems, this is what I did:

    - I edited section "since XAMPP 1.4.3" of /opt/lampp/etc/extra/httpd-xampp.conf from this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Order allow,deny
        Allow from all
    </Directory>

    to this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Require all granted
    </Directory>

    (lines "Order allow,deny" and "Allow from all" were cancelled and the new one "Require all granted" was inserted)

    - I restarted XAMPP with command "/opt/lampp/lampp start" and the issue was solved

Claudio :)
cpighin
 
Posts: 8
Joined: 14. November 2010 16:23

Re: New XAMPP security concept, from localhost? [Solved]

Postby baklazanek » 14. May 2013 14:29

cpighin wrote::) I experienced similar problem with a dual boot pc, Win XP and Ubuntu 11.04, both with XAMPP.

In both systems I have not set security passwords; in Ubuntu I had Error 403, forbidden access, when attempting to access PhpMyAdmin page, while I had no problem with XAMPP installed in Win XP.

Now I solved the issue thanks to this discussion :D

For those who will have same problems, this is what I did:

    - I edited section "since XAMPP 1.4.3" of /opt/lampp/etc/extra/httpd-xampp.conf from this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Order allow,deny
        Allow from all
    </Directory>

    to this:
    Code: Select all
    <Directory "/opt/lampp/phpmyadmin">
        AllowOverride AuthConfig Limit
        Require all granted
    </Directory>

    (lines "Order allow,deny" and "Allow from all" were cancelled and the new one "Require all granted" was inserted)

    - I restarted XAMPP with command "/opt/lampp/lampp start" and the issue was solved

Claudio :)


Thanks alot,i had no ideas how to solve it. :wink:
baklazanek
 
Posts: 1
Joined: 14. May 2013 14:26
Operating System: xp

Re: New XAMPP security concept, from localhost? [Solved]

Postby albade » 18. November 2013 21:45

thanks for everyone whose given the solution .. that's inspiring
albade
 
Posts: 1
Joined: 18. November 2013 21:40
Operating System: windows 7

Re: New XAMPP security concept, from localhost? [Solved]

Postby Blauwahl » 14. March 2014 14:02

"Thank you. That's what I was missing. To setup security (in Linux at least): sudo /opt/lampp/lampp security
Then follow prompts to create passwords. After that, I was finally able to access phpMyAdmin."


It worked. Thank you! As Peter Go and Dan Lucier pointed out, changing the default settings for security (i.e. from no security to password protection) will work without making changes to the httpd-xampp.conf file.

Blauwahl :)
--
“To avoid criticism say nothing, do nothing, be nothing.”
Aristotle
User avatar
Blauwahl
 
Posts: 2
Joined: 14. March 2014 13:41
Operating System: Linux 3.4.63-2.44

Re: New XAMPP security concept, from localhost? [Solved]

Postby xoristzatziki » 15. August 2017 05:15

The new debian (and all derivations) idea is to add to hosts a 127.0.1.1 host with your PC name . This "new" host is still a localhost. Xampp installs applications in 127.0.1.1 which is neither a localhost nor a 127.0.0.1 which is expected by xampp apps to work properly. This is a xampp installation issue. The apachefriends (or the bitnami installation app) should solve this issue as soon as possible, since all above mentioned tricks do not solve the problem but rather open more security holes.
User avatar
xoristzatziki
 
Posts: 2
Joined: 15. August 2017 05:00
Location: Petroupoli - Greece
XAMPP version: 7.1.7.0 64b
Operating System: ubuntu

Re: New XAMPP security concept, from localhost? [Solved]

Postby Nobbie » 15. August 2017 10:45

xoristzatziki wrote:Xampp installs applications in 127.0.1.1 which is neither a localhost nor a 127.0.0.1 which is expected by xampp apps to work properly. This is a xampp installation issue.


That is plain nonsense, Xampp neither "installs" anything to any IP, nor expects any certain IPs. Xampp listens to Port 80 on ALL IPs and ServerName is set to localhost (see httpd.conf for detailed information) - thats it. And everything else is configured by your Operating System (i.e. /etc/hosts etc.). So if you are unhappy with your local DNS and Servername, you have to setup your PC properly.
Nobbie
 
Posts: 13170
Joined: 09. March 2008 13:04


Return to XAMPP for Linux

Who is online

Users browsing this forum: No registered users and 32 guests