SSL and Securing Directories in XAMPP

Problems with the Windows version of XAMPP, questions, comments, and anything related.

SSL and Securing Directories in XAMPP

Postby Richter » 03. March 2004 15:52

I have installed XAMPP on a WinXP system and have great success with the product thus far on getting everything installed and running as a service. I have also loaded XAMPP onto a Linux box (process was easier). On the Win32 ver I have ran into complications though. The Linux version of XAMPP has a security script that can be ran and locks the system down effectively. The Win32 ver of XAMPP does not have a 'security' script that will password protect many of the packaged software components.

The SSL in Win32 works well if manually connecting to https:// . However when I go to http:// the default XAMPP directory does not force the connection to use SSL and posts the default pages with out password as well.

How do I make the default directory force SSL ???
How do I turn on the password protection ???


I have attempted to read the Apache 2.0 support docs but they are not very user (noob) friendly.

Is there a user (noob) friendly link someone can send that will assist me ???

Is there a 'security' script that I can run on Win32 XAMPP that will put in the securities the way Linux XAMPP has them, did I overlook it ???
Richter
 
Posts: 3
Joined: 03. March 2004 15:33

Postby Richter » 04. March 2004 19:35

I have made some progress on this venture.

I have used the mod_rewrite to redirect the default XAMPP server to SSL.
In the .htaccess file I have used the folling information:
C:\xampp\htdocs\.htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*)$ https://xxx.xxx.xxx.xxx/$1 [R,L]

I then created another .htaccess file and placed it in the here:
C:\xampp\htdocs\xampp\.htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*)$ https://xxx.xxx.xxx.xxx/$1 [R,L]
AuthType Basic
AuthName " ************ Secured Area ************"
AuthUserFile C:\XAMPP\passwords\passwd
Require user richter

This is what is being done (atleast what a noob can determine):
When you access the website http://xxx.xxx.xxx.xx it accesses the first .htaccess file and checks to determine if the browser is using ServerSide port 443 (SSL) if not it redirects the browser to port 443 (SSL).

After the SSL redirect the browser then accesses the /xampp/ directory to access the splash screen. It requires a password using Basic authentication. If the user enters the redirected URL manually then they will still be redirected to SSL port.

*************************************************************
Questions I have.
Can this be done with a single .htaccess file? I want the SSL connection established first before the Basic authentication.

OR

Can I drop the SSL bit and use another authentication type that is encrypted?[/quote]
Richter
 
Posts: 3
Joined: 03. March 2004 15:33


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 152 guests