Page History

* Downloaded XAMPP 1.7.1, the Basic Package (do not use the Lite version).  Download the *exe* self-extracting RAR archive (use xampp-win32-1.7.1-installer.exe).\\
\\
* You can view all versions of XAMPP which are available for download at [http://sourceforge.net/projects/xampp/files/|http://sourceforge.net/projects/xampp/files/], or\\
\\
* Download [Install and configure XAMPP 1.7.1^xampp-win32-1.7.1-installer.exe] directly from this page.\\

Execute *xampp-win32-1.7.1-installer.exe*.\\
\\
When asked to *Choose Install Location*, keep the default location of *c:\xampp* as shown below.\\
\\
           !xamppInstallationLocation.jpg!\\
\\
When asked to specify *XAMPP Options*, be certain to select the *Install Apache as service* and the *Install MySql as service* as shown below.\\
\\
           !xamppOptions.jpg!\\
\\
Click the *Install* button to finish the installation.\\

Access to XAMPP is controlled by using a simply *username* and *password*.  It is recommended that XAMPP be further locked down allowing access to specified IP addresses.  This can be accomplished by making modifications to the apache *httpd-xampp.conf* configuration file as described below:\\

Below is the *http-xampp.conf* files that is initially installed by the XAMPP installer.\\
\\
httpd-xampp.conf can be found at *c:\xampp\apache\conf\extra*.\\
\\
*Original httpd-xampp.conf*
{code}
# XAMPP settings
#
<IfModule alias_module>
<IfModule mime_module>
    #ScriptAlias /php/ "C:/xampp/php/"
    #Action application/x-httpd-php "/php/php-cgi.exe"
    PHPINIDir "C:/xampp/php"
    LoadModule php5_module "C:/xampp/apache/bin/php5apache2_2.dll"
    AddType text/html .php .phps .php5 .php4 .php3 .phtml .phpt
   <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
     SetHandler application/x-httpd-php
  </FilesMatch>
  <FilesMatch "\.phps$">
     SetHandler application/x-httpd-php-source
  </FilesMatch>

	<Directory "C:/xampp/htdocs/xampp">
		<IfModule php5_module>
			<Files "status.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>
	</Directory>

    Alias /security "C:/xampp/security/htdocs/"
    <Directory "C:/xampp/security/htdocs">
		<IfModule php5_module>
			<Files "xamppsecurity.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    <Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    Alias /webalizer "C:/xampp/webalizer/"
    <Directory "C:/xampp/webalizer">
		<IfModule php5_module>
			<Files "webalizer.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

      Alias /contrib "C:/xampp/contrib/"
    <Directory "C:/xampp/contrib">
		<IfModule php5_module>
			<Files "webalizer.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>

        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
</IfModule>
</IfModule>


# Access restriction via Remote
<IfModule auth_remote_module>
    <Directory "C:/xampp/htdocs/fonts">
    AllowOverride All
    AuthType           Basic
    AuthName           "AUTH REMOTE TEST"
    AuthRemoteServer   localhost
    AuthRemotePort     80
    AuthRemoteURL      /forbidden/
    Require            valid-user
    #User: user / Password: pass
</Directory>
</IfModule>

# Access restriction via MySQL
<IfModule mysql_auth_module>
<Location /restricted>
     AuthMySQLEnable On
    AuthName "MySQL Secured Place"
    AuthType Basic
    require valid-user
    AuthMySQLHost localhost
    AuthMySQLUser root
#   AuthMySQLPassword
    AuthMySQLDB webauth
    AuthMySQLUserTable user_pwd
    AuthMySQLNameField name
    AuthMySQLPasswordField pass
    AuthMySQLPwEncryption none
</Location>
</IfModule>
{code}
\\
Two things must be done in order to control access via IP addresses.\\
\\
FIRST:&nbsp;&nbsp;In the *original httpd-xampp.conf*, notice that each *Directory* directive has it's own *Order*, *Deny* and *Allow from* element.&nbsp;&nbsp;To control access via IP addresses, the *Order*, *Deny* and *Allow from* elements must be removed from all the *Directory* directives.\\
\\
SECOND:&nbsp;&nbsp;Insert the *LocationMatch* directive below at end of the *httpd-xampp.conf* file.&nbsp;&nbsp;The IP addresses 18.19.1.231 and 18.19.5.190 are included only as an example of how to enable an IP address.&nbsp;&nbsp;Be sure to change (or remove) these 2 IP address to suit your requirements.\\
\\
You must *restart apache* after you have made and saved these changes to *httpd-xampp.conf*.\\
\\
You can download a completed version of [Install and configure XAMPP 1.7.1^httpd-xampp-1.7.1.conf] directly from this page.&nbsp;&nbsp;{color:red}Don't forget to rename httpd-xampp-1.7.1.conf to *httpd-xampp.conf* and to *remove or change* the 2 IP address lines (18.19.1.231 and 18.19.5.190){color}.
{code}
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 \
               18.19.1.231 \
               18.19.5.190 

    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
{code}

Edit c:\xampp\apache\conf\httpd.conf and find the line *ServerName localhost:80* and replace *localhost* with the name of the server.\\
\\
For example, if the server name is *chongqing.mit.edu*, the line would read *ServerName chongqing.mit.edu:80*\\
\\
Save the change.\\

Restart apache.\\
\\
Open a web browser on the localhost and go to [*http://localhost/xampp* | http://localhost/xampp]\\
\\
If everything is correctly configured, the following should be displayed:\\
\\
           !xamppWelcome.jpg!\\
\\
The *DocumentRoot* is *C:\xampp\htdocs*.\\