Allow Internet Access to my website

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Re: Allow Internet Access to my website

Postby vhreporter » 16. July 2010 03:18

Maybe someone knows this, but would the problem be fixed by deleting the "Deny" reference and then changing Allow to "ALL"?

Users would still need to authenticate, but at least would be able to connect. I could use something like that soon, so if anyone has a sample - it would be appreciated.

Normally a simple .htaccess file takes care of this, so not certain what value this provides?
vhreporter
 
Posts: 4
Joined: 16. July 2010 03:00

Re: Allow Internet Access to my website

Postby Altrea » 16. July 2010 05:17

vhreporter wrote:I fixed the problem by commenting out...

You call it a problem, but the security concept isn't just for fun!
You shouldn't just comment this part out but configure it to your own needs.
I don't think that you need an access to your XAMPP admin applications for everybody who can access your webserver from in- and outside.

vhreporter wrote:I'm sure there had to be a better configuration to this, but after working through all the MySQL issue, I'm a little fried and didn't care.

What MySQL issue?
Thats bad that you didn't care for security (and even bader to advise someone else to do the same). These challenges are part of the business.

vhreporter wrote:Also, if you just access the root directory from a browser, the index.php file gets precedence and it has a reference to another file deeper in the subdir "xampp" - so you will get a request to authenticate, which is not a bad deal.

You just get this authenticate request if you already have defined a htaccess authentification for your xampp folder (e.g. with the xampp security script). It's a good idea to define this password protection if you want to give access to your Webserver by other users.

vhreporter wrote:I haven't tested yet, but I assume as long as there isn't a .htaccess file in your public web folder, you should be OK.

Depends on the code in the htaccess-file.
Thats why i ask the poster for information about his scripts. Many well known CMS does come with some url rewriting htaccess files which can end up to the webroot folder (where the index.php file routes to the xampp folder) if you don't configure these CMS right.

vhreporter wrote:Maybe someone knows this, but would the problem be fixed by deleting the "Deny" reference and then changing Allow to "ALL"?

Thats just like commenting it out and doesn't give any security!

vhreporter wrote:Users would still need to authenticate, but at least would be able to connect.

Why should any user should get access to your Administrations? If you (or other webserver administrators) want to create a new database or anything else from the xampp administration tools, he can access them directly on the server with http://localhost (or in the shell). Thats what the security concept is for!

vhreporter wrote:I could use something like that soon, so if anyone has a sample - it would be appreciated.

You should lern how the rules effect the webserver and how you can configure/expand them.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Allow Internet Access to my website

Postby vhreporter » 16. July 2010 06:50

My apologies for my careless post...

I just tried using xampp for the first time today. Seemed like a good idea. Was suppose to make everything a lot easier and I think it does. Initial part of the install went well until I applied the recommended security settings. PhpMyAdmin wouldn't work and I couldn't access MySQL - and no way to easily undo that I can see. There are plenty of posts about these issues without any good suggestions that seem to work. I did make that post after spending most of the day on other problems unrelated to xampp, but it happened to be the last set of issues, so I admit I didn't give my post a lot of thought.

I appreciate your feedback, but would have really benefited from suggested approaches and solutions to configuring the site properly. Is there documentation on how to do this? Is there a way to incrementally configure various directories for specific access? It appears, as configured out of the box, everything is protected automatically and only available inside the network. Any help would be helpful.

I agree with you, security is important and cannot be ignored and I didn't plan to. It would be helpful to find documented solutions. I understand this is a free and generous offering by the Apache Friends, so I accept some sweat equity is a fair price to pay.

OK. I did un-comment the code, created a sub-directory, copied a simple html file and restarted Apache. It worked fine, but now I cannot get to any of the admin features remotely due to the LocationMatch criteria. Is there a way I can retain the LocationMatch feature and access admin pages from let's say the hotel while on my laptop? It appears I have to define specific IP's so that won't work. If there is not a way to do this then this concept doesn't work for the way most web servers are deployed. At least if I know it isn't possible I won't waste time trying to make it work. However, if it is possible then very cool.
vhreporter
 
Posts: 4
Joined: 16. July 2010 03:00

Re: Allow Internet Access to my website

Postby JonB » 16. July 2010 13:57

vhreporter -

If there is not a way to do this then this concept doesn't work for the way most web servers are deployed.


Its worth mentioning here that XAMPP (and WAMP) were both designed for local developer testing. In fact in their FAQ's and docs, they tell you not to use them in production environments. So this doesn't work like most webservers nor was it supposed to 'deployed'.

That said, the 'quick fix' for the security issue is to create a .htaccess file and matching .htpasswd file for the folders you wish to secure (the list in xammp\apache\conf\httpd-xampp.conf)

.htaccess file contents The AuthName value is the realm name so the password prompt will display "Admin" as the object requesting a password - The server localhost at Admin requires a username and password. I created that folder 'secure' BTW. Copy the .htaccess file to the folders you want to have a passord prompted for (including /secure). This is Basic Authentication only -- uses a token (NOT a cookie) that expires when the browser is closed.

Code: Select all
AuthType Basic
AuthName "Admin"
AuthUserFile C:/xampp/htdocs/secure/.htpasswd
require valid-user


.htpasswd file contents - a username:ClearTextUserPassword list. (pay no attention to web discussions about 'hashing' of passwords - that only works on *nix systems)

Code: Select all
bobby:high52u
Billy:imadope

OR use this tool to secure the XAMPP folder itself. (this merely seals off the 'access point')

http://localhost/security/xamppsecurity.php

:mrgreen:
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: Allow Internet Access to my website

Postby vhreporter » 16. July 2010 16:47

Thanks JonB...

That fills some blanks in for me. The server I'm setting up is mostly a demo/development server, so production ready is not an issue. I use Rackspace Cloud Servers and all servers I setup are remote by nature - either linux or windows. I can use putty or RDC when I need to, but I don't always want to. I think I will disable the "Location Matching" feature and stick to the .htaccess method. It works for what I'm doing.

BTW: Saw your website and plan on looking closer for helpful tips when I have the time. Your picture made me think beer-thirty needs to come early today.

Thanks again,

Mark
vhreporter
 
Posts: 4
Joined: 16. July 2010 03:00

Re: Allow Internet Access to my website

Postby sixfootjames » 07. January 2014 17:03

Oh man, it must kill you when you help as far down as this and then someone blows you off by commenting everything out Altrea :lol:
sixfootjames
 
Posts: 13
Joined: 31. July 2012 09:50
Operating System: Windows 7 Pro

Re: Allow Internet Access to my website

Postby Altrea » 07. January 2014 17:18

I have had three and a half year to cool down, so... :D
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Allow Internet Access to my website

Postby mcintya » 13. January 2014 22:00

Altrea wrote:
webuser wrote:I tried to edit httpd-xampp.conf but it still doesn't allow access. What exactly do I have to change in it?


If you just want to access your website, you had to change nothing!
the new security concept just save the administration tools of xampp (phpmyadmin, admin control panel, example applications, etc.).

Just create a folder in htdocs for your website (or put it directly in htdocs. delete the index.php file there).

how do i do this?
mcintya
 
Posts: 8
Joined: 13. January 2014 21:24
Operating System: ?

Re: Allow Internet Access to my website

Postby Altrea » 14. January 2014 08:09

You asked how to create a folder? :shock:
Well, thats a operating system question.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Allow Internet Access to my website

Postby mcintya » 14. January 2014 12:47

If you just want to access your website, you had to change nothing!
the new security concept just save the administration tools of xampp (phpmyadmin, admin control panel, example applications, etc.).

I know how to make a folder how to i save the admin tools and put them in the folder?
mcintya
 
Posts: 8
Joined: 13. January 2014 21:24
Operating System: ?

Re: Allow Internet Access to my website

Postby Altrea » 14. January 2014 16:04

The XAMPP admin tools are protected by the security concept and we want that they are protected for security reasons.
So it is not supported to move them to an unprotected place.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Allow Internet Access to my website

Postby mcintya » 14. January 2014 21:09

so there is no way to acces my website? :shock:
mcintya
 
Posts: 8
Joined: 13. January 2014 21:24
Operating System: ?

Re: Allow Internet Access to my website

Postby Altrea » 14. January 2014 21:14

sure, locally!

XAMPP is designed as local test and development environment.
It is not configurated (and not supported) for live, production or public accessible server environments.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Allow Internet Access to my website

Postby mcintya » 14. January 2014 21:15

ok... So how do i access(thank you for all info)
mcintya
 
Posts: 8
Joined: 13. January 2014 21:24
Operating System: ?

Re: Allow Internet Access to my website

Postby Altrea » 14. January 2014 21:47

From the pc you have installed XAMPP on open your browser and type in
http://localhost/
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

PreviousNext

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 130 guests