Allow from 127.0.0.1 for phpmyadmin doesn't work?

Problems with the Mac OS X version of XAMPP, questions, comments, and anything related.

Allow from 127.0.0.1 for phpmyadmin doesn't work?

Postby heywood » 11. October 2009 01:12

Hi!

Xampp is a very nice package, although I have some problems making it secure.

Here's what I want:
• Make ALL pages Apache serves only accessible by localhost

That is, turn off all "outside" network traffic.
So I've edited httpd.conf like so:

Code: Select all
<Directory "/Applications/XAMPP/xamppfiles/htdocs">
    Options Indexes FollowSymLinks ExecCGI Includes
    AllowOverride All
    Order allow,deny
    Allow from 127.0.0.1, localhost
</Directory>


This seems to work! Yey! When I access my computers IP from another box I get a access denied screen. Good. Then I did this in httpd.conf :

Code: Select all
<Directory "/Applications/XAMPP/xamppfiles/phpmyadmin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from 127.0.0.1, localhost
</Directory>


This doesn't work though! :( I can still access http:x.x.x.x/phpmyadmin from another box! Can anyone help with this?

Then also, I commented out the user-folder-config file, as that was accessible from another box too. Anything else i need to turn off to make my dev server completely inaccessible from the network?

(Quite frankly, being able to have password-protected pages is nice and all, but really, if you're using XAMPP as a local dev server you're never going to access the computer from outside, so why even risk a password-attack by opening up authenticated access, right? It would be really awesome if XAMPP could come with a "xampp-private.conf" or something, for those of us who just use it as a local server. (Also, it's kind of a drag to have to type in passwords all the time when working locally. If a person gets access to my computer they can find passwords in php-files etc anyway. Right?)
heywood
 
Posts: 6
Joined: 11. October 2009 00:57

Re: Allow from 127.0.0.1 for phpmyadmin doesn't work?

Postby Izzy » 11. October 2009 01:20

For phpMyAdmin take a look in apache\conf\extra\httpd-xampp.conf file and make your changes there perhaps instead of in the httpd.conf file as httpd-xampp.conf file will always override the httpd.conf file entries.

In httpd.conf have Apache Listen 127.0.0.1:80
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Allow from 127.0.0.1 for phpmyadmin doesn't work?

Postby heywood » 11. October 2009 01:29

Thanks!

Of course, doh! I reverted all the other edits. The

Listen 127.0.0.1:80

is enough. Also added

bind-address=127.0.0.1

in my.cnf for MySQL. Ok thanks I'm all set! : )
heywood
 
Posts: 6
Joined: 11. October 2009 00:57

Re: Allow from 127.0.0.1 for phpmyadmin doesn't work?

Postby heywood » 11. October 2009 01:32

(The only annoying thing now is that the /security-page claims my pages are visible on the network.. I'll survive ^^ )
heywood
 
Posts: 6
Joined: 11. October 2009 00:57

Re: Allow from 127.0.0.1 for phpmyadmin doesn't work?

Postby Izzy » 11. October 2009 01:37

heywood wrote:(The only annoying thing now is that the /security-page claims my pages are visible on the network.. I'll survive ^^ )
You may be able to get rid of that message by setting a password for MySQL's root user and for a user/pass for XAMPP both in the Security pages, as the passwords are stored encrypted in an inaccessible from the net directory.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06


Return to XAMPP for Mac OS X

Who is online

Users browsing this forum: No registered users and 3 guests