Apache Friends Support Forum

[helo478]

My expectation is that, when the new Xampp security concept is activated (restricting access to the http server and other services to devices on the local network), that it allow devices on the local network access, while blocking WAN devices.

Actually, when the feature is activated, it prevents any device, local or otherwise, from accessing the xampp server.

This may appear to be a duplicate of similar posts, but there is an important distinction:

The solution that was given in similar posts was to turn off the security feature. However, I want that security feature active. I want access to be restricted to the local network. How do I fix the security feature (so that it allows access to local network devices, but not external devices) without turning it off?

[Nobbie]

However, I want that security feature active. I want access to be restricted to the local network. How do I fix the security feature (so that it allows access to local network devices, but not external devices) without turning it off?

The TCPIP ipv4 convention about local network results in certain private IP ranges, which are:

192.168.0.0/16 (192.168.*.*)
172.16.0.0/12 (from 172.16.*.* to 172.31.*.*)
10.0.0.0/8 (10.*.*.*)

So instead of only looking for "IP is 127.0.0.1 or not 127.0.0.1" you have to differ between "IP is in the range of one the above ranges or Not". Depending on your Apache Version, you either have to adapt the appropriate "Allow From ...." clause (or "Deny ....") or instead the "Require IP ..." Clause.

See http://httpd.apache.org/docs/2.2/howto/access.html
and http://httpd.apache.org/docs/trunk/mod/ ... _host.html

for full documentation and examples.

[helo478]

I am confused by your response, but I think I may know why. Are you saying that "local" in the way that it is being used in this context is different from the way that I am using the word "local". I am using it to mean my local area network. Are you saying that, in this context, it is only referring to localhost 127.0.0.1 ?

[Nobbie]

Are you saying that "local" in the way that it is being used in this context is different from the way that I am using the word "local".

No.

I am using it to mean my local area network.

As i did.

Are you saying that, in this context, it is only referring to localhost 127.0.0.1 ?

No. Only "localhost" refers to 127.0.0.1

Seems, you are confusing yourself. You pointed out, that "local" clients are blocked by Xampp Security Concept. That is exactly what happens, because only "localhost" is allowed to access Xampp Admin Pages (that is how it is "out of the box"). If you want to change this, you have to change the "Allow From ..." (or "Require ...") clause in httpd-xampp.conf. But I assume, that you DONT WANT to grant access for ALL IPs (= everyone in the world). Therefore i explained how to determine via the clients IP, if it is coming from local network or from word wide internet. Dont know, why you are confused?!

[larryhyman]

I had the same situation but was able to fix it like this:

Edit this file:

/opt/lampp/etc/extra/httpd-xampp.conf

Go to the bottom of the file and change it to match your LAN IP range:

Code: Select all

# New XAMPP security concept

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
        Require ip 192.168.2
   ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>