vhreporter wrote:I fixed the problem by commenting out...
You call it a problem, but the security concept isn't just for fun!
You shouldn't just comment this part out but configure it to your own needs.
I don't think that you need an access to your XAMPP admin applications for everybody who can access your webserver from in- and outside.
vhreporter wrote:I'm sure there had to be a better configuration to this, but after working through all the MySQL issue, I'm a little fried and didn't care.
What MySQL issue?
Thats bad that you didn't care for security (and even bader to advise someone else to do the same). These challenges are part of the business.
vhreporter wrote:Also, if you just access the root directory from a browser, the index.php file gets precedence and it has a reference to another file deeper in the subdir "xampp" - so you will get a request to authenticate, which is not a bad deal.
You just get this authenticate request if you already have defined a htaccess authentification for your xampp folder (e.g. with the xampp security script). It's a good idea to define this password protection if you want to give access to your Webserver by other users.
vhreporter wrote:I haven't tested yet, but I assume as long as there isn't a .htaccess file in your public web folder, you should be OK.
Depends on the code in the htaccess-file.
Thats why i ask the poster for information about his scripts. Many well known CMS does come with some url rewriting htaccess files which can end up to the webroot folder (where the index.php file routes to the xampp folder) if you don't configure these CMS right.
vhreporter wrote:Maybe someone knows this, but would the problem be fixed by deleting the "Deny" reference and then changing Allow to "ALL"?
Thats just like commenting it out and doesn't give any security!
vhreporter wrote:Users would still need to authenticate, but at least would be able to connect.
Why should any user should get access to your Administrations? If you (or other webserver administrators) want to create a new database or anything else from the xampp administration tools, he can access them directly on the server with
http://localhost (or in the shell). Thats what the security concept is for!
vhreporter wrote:I could use something like that soon, so if anyone has a sample - it would be appreciated.
You should lern how the rules effect the webserver and how you can configure/expand them.