Apache Friends Support Forum

[kryppienation]

in my previous version of xampp i was able to access my main directory and my phpmyadmin from external places, now i cannot, it gives me an access forbidden error. I setup the password and username in the security thing but i cannot access my stuff only from localhost. What do i need to change to be able to access my information from anywhere? i need to be able to create database tables ect from other places. I would only like to use the password and username i created. Someone please help me with this

[Altrea]

To help you, you had to give us more information about this error and your installation.
Please post the full error message here and tell us if you use mod_rewrite, Virtual Hosts.
What we also need to know is your XAMPP Version and the code of your htaccess file which produces the error.

[kryppienation]

I believe the error is coming up in the last portion of this code. I do not only want to be able to access this from my localhost. I need to be able to access this from anywhere, just by putting in the username and password. It works fine from localhost but when i try to access my information from remote locations i cannot. gives me a 403 forbidden error.

Code: Select all

#
# XAMPP settings
#

<IfModule env_module>
    SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
    SetEnv MYSQL_HOME "C:\\xampp\\mysql\\bin"
    SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
    SetEnv PHP_PEAR_SYSCONF_DIR "C:\\xampp\\php"
    SetEnv PHPRC "C:\\xampp\\php"
    SetEnv TMP "C:\\xampp\\tmp"
    UnsetEnv PERL5LIB
</IfModule>

#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadModule php5_module modules/php5apache2_2.dll

<IfModule php5_module>
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
    </FilesMatch>

    PHPINIDir "C:/xampp/php"
</IfModule>

#
# PHP-CGI setup
#
<IfModule !php5_module>
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php-cgi
    </FilesMatch>
    <IfModule actions_module>
        Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
    </IfModule>
</IfModule>


<IfModule mime_module>
    AddType text/html .php .phps
</IfModule>

ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
    AllowOverride None
    Options None
    Order deny,allow
    Deny from all
    <Files "php-cgi.exe">
        Allow from all
    </Files>
</Directory>

<Directory "C:/xampp/cgi-bin">
    <FilesMatch "\.php$">
        SetHandler cgi-script
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler None
    </FilesMatch>
</Directory>

<Directory "C:/xampp/htdocs/xampp">
    <IfModule php5_module>
       <Files "status.php">
          php_admin_flag safe_mode off
       </Files>
    </IfModule>
    AllowOverride AuthConfig
</Directory>

<IfModule alias_module>
    Alias /security "C:/xampp/security/htdocs/"
    <Directory "C:/xampp/security/htdocs">
        <IfModule php5_module>
          <Files "xamppsecurity.php">
             php_admin_flag safe_mode off
          </Files>
        </IfModule>
        AllowOverride AuthConfig
   </Directory>

    Alias /licenses "C:/xampp/licenses/"
    <Directory "C:/xampp/licenses">
        Options +Indexes
        <IfModule autoindex_color_module>
            DirectoryIndexTextColor  "#000000"
            DirectoryIndexBGColor "#f8e8a0"
            DirectoryIndexLinkColor "#bb3902"
            DirectoryIndexVLinkColor "#bb3902"
            DirectoryIndexALinkColor "#bb3902"
        </IfModule>
   </Directory>

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    <Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig
    </Directory>

    Alias /webalizer "C:/xampp/webalizer/"
    <Directory "C:/xampp/webalizer">
        <IfModule php5_module>
          <Files "webalizer.php">
             php_admin_flag safe_mode off
          </Files>
        </IfModule>
        AllowOverride AuthConfig
    </Directory>
</IfModule>

#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16

    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>



Here is the error i recieve from the actual website when i try to access it from anywhere besides my localhost


I cannot post an attachment image on these forums for some reason so i'll have to just copy and paste it.

Access forbidden!


--------------------------------------------------------------------------------

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".


--------------------------------------------------------------------------------


If you think this is a server error, please contact the webmaster.

Error 403
http://www.homickshouse.com
7/27/2010 7:23:43 AM
Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1

[kryppienation]

no one knows how to make this work just by putting in the username and password? I never had this problem with previous versions of xampp i could always access my information from anywhere by only using a username and password.

[Altrea]

no one knows how to make this work just by putting in the username and password?

Sure, many xampp users know how to do that. Maybe half a day is not enough time to reply on your question. Not everybody is every half an hour online in this board. So be patient if you want to get help.

I never had this problem with previous versions of xampp i could always access my information from anywhere by only using a username and password.

Because many users use XAMPP not only as test environment but production environment (We recommend not to do this until you know exactly what you have to change zu harden and secure XAMPP!!!) without any security-changes, the xampp developers decided to bring a minimal security in the default configuration. This is the new XAMPP security concept! Every sensitive and critical xampp page can only be accessed by localhost. For the most users that is enough, because a xampp test environment is commonly installed on their own computer.

What you have to do:

Code: Select all

#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
               fe80::/10 169.254.0.0/16

    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

The LocationMatch line defines which parts of xampp use the new security concept. You see "phpmyadmin" in this list, and the whole "xampp" folder (XAMPP Administration Panel).
If you have a static IP, the easiest to do is to add your IP to the "Allow from" Rule. Thats enough to allow you access like localhost.

If this is not the case and you just want to access phpmyadmin from outside:
- Create a new password for the mysql user root (use the xamppsecurity.php script for that. Otherwise you had to change the phpmyadmin configuration to tell phpmyadmin the password and authorisation-type)
- remove phpmyadmin from the LocationMatch Rule
- create a new Directory Allow/Deny Block for phpmyadmin in httpd.conf (can't explain specific, because that depends on your own needs)

If not you had to change a little more:
- remove the parts from the list which you want to access from outside
- create a .htaccess password protection (AuthType basic) on the xampp Folder

[kryppienation]

please accept my apology for being impatient about this :/ i didn't mean to be a d!ck about it but i guess now that i reread what i wrote it does seem that way. I will try to toy around with what you said, i am super unfamiliar with all of this side of the stuff and i only know how to code the actual pages in PHP so this is why I'm dumb to these things. I do really appreciate your help and if i still have problems i will ask again but in a more respectable manor. Thank you for trying to help me with this.

one quick question tho, if i just remove that whole block of code from the file... will it still ask me for a username and password when i try to hit the root or will it just automatically allow anyone to go in and access all of my security stuff?

[Altrea]

one quick question tho, if i just remove that whole block of code from the file... will it still ask me for a username and password when i try to hit the root or will it just automatically allow anyone to go in and access all of my security stuff?

The behaviour depends on the access rules which are defined.

htdocs does have an access rule "Allow from all" predefined (apache/conf/httpd.conf lines 212 - 243) . Everything inside htdocs (exept a subfolder overwrites this rule) follows this rule (the xampp folder too).
phpmyadmin is outside of htdocs (routed with an Alias) and does not have a predefined access rule. If no specific access rule is defined, there is a default access rule defined (apache/conf/httpd.conf lines 190 - 203). This rule is on default "Deny from all", so you always get an 403 Code.

On Default you will never ask for a http authorisation password.