{panel}
XAMPP controls access by using a simple *username* and *password*.  It is recommended that XAMPP be further locked down by allowing access only from specified IP addresses.  This can be accomplished by modifying the Apache *httpd-xampp.conf* configuration file as described below:\\

Below is the *httpd-xampp.conf* file that is initially installed by the XAMPP installer.\\
\\
*Original httpd-xampp.conf*
{code}
# XAMPP settings
#
<IfModule alias_module>
<IfModule mime_module>
    #ScriptAlias /php/ "C:/xampp/php/"
    #Action application/x-httpd-php "/php/php-cgi.exe"
    PHPINIDir "C:/xampp/php"
    LoadModule php5_module "C:/xampp/apache/bin/php5apache2_2.dll"
    AddType text/html .php .phps .php5 .php4 .php3 .phtml .phpt
   <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
     SetHandler application/x-httpd-php
  </FilesMatch>
  <FilesMatch "\.phps$">
     SetHandler application/x-httpd-php-source
  </FilesMatch>

	<Directory "C:/xampp/htdocs/xampp">
		<IfModule php5_module>
			<Files "status.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>
	</Directory>

    Alias /security "C:/xampp/security/htdocs/"
    <Directory "C:/xampp/security/htdocs">
		<IfModule php5_module>
			<Files "xamppsecurity.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    <Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

    Alias /webalizer "C:/xampp/webalizer/"
    <Directory "C:/xampp/webalizer">
		<IfModule php5_module>
			<Files "webalizer.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all
    </Directory>

      Alias /contrib "C:/xampp/contrib/"
    <Directory "C:/xampp/contrib">
		<IfModule php5_module>
			<Files "webalizer.php">
				php_admin_flag safe_mode off
			</Files>
		</IfModule>

        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
</IfModule>
</IfModule>


# Access restriction via Remote
<IfModule auth_remote_module>
    <Directory "C:/xampp/htdocs/fonts">
    AllowOverride All
    AuthType           Basic
    AuthName           "AUTH REMOTE TEST"
    AuthRemoteServer   localhost
    AuthRemotePort     80
    AuthRemoteURL      /forbidden/
    Require            valid-user
    #User: user / Password: pass
</Directory>
</IfModule>

# Access restriction via MySQL
<IfModule mysql_auth_module>
<Location /restricted>
     AuthMySQLEnable On
    AuthName "MySQL Secured Place"
    AuthType Basic
    require valid-user
    AuthMySQLHost localhost
    AuthMySQLUser root
#   AuthMySQLPassword
    AuthMySQLDB webauth
    AuthMySQLUserTable user_pwd
    AuthMySQLNameField name
    AuthMySQLPasswordField pass
    AuthMySQLPwEncryption none
</Location>
</IfModule>
{code}
\\
Two things must be done in order to control access via IP addresses.\\
\\
FIRST:  Notice that each *Directory* directive has its own *Order*, *Deny* and *Allow from* element.  To control access via IP addresses, the *Order*, *Deny* and *Allow from* elements must be removed from all the *Directory* directives.\\
\\
SECOND:  Insert the *LocationMatch* directive below at the end of the *httpd-xampp.conf* file.  The IP addresses 18.18.4.232 and 18.18.1.125 are included as an example of how to add an IP address.  Be sure to change (or remove) these 2 IP addresses to suit your requirements.\\
\\
{code}
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 \
               18.18.4.232 \
               18.18.1.125 

    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
{code}
{panel}
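
An added example (not part of the original page or of XAMPP): a Python check for an edited *httpd-xampp.conf* that lists *Directory* blocks still carrying *Order*/*Deny*/*Allow from* lines, *Alias* paths the *LocationMatch* pattern does not match (such as /contrib in the file above), and the hosts the *LocationMatch* allows. The `audit` function and the shortened sample config are constructed for illustration, and the pattern is evaluated with Python's `re`, which accepts the same syntax for this expression.

```python
import re

# Constructed sample: a shortened httpd-xampp.conf mid-edit (paths as on this page).
SAMPLE_CONF = r'''
Alias /security "C:/xampp/security/htdocs/"
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>
Alias /contrib "C:/xampp/contrib/"
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 \
               18.18.4.232
</LocationMatch>
'''

ACCESS = re.compile(r'(Order|Deny|Allow)\s', re.I)  # does not match AllowOverride

def audit(conf_text):
    """Return (leftover Directory rules, uncovered Alias paths, allowed hosts)."""
    text = re.sub(r'\\\r?\n', ' ', conf_text)  # join backslash-continued lines
    leftover, aliases, allowed, pattern = [], [], [], None
    section = None  # (kind, argument) of the enclosing Directory/LocationMatch
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith('#'):
            continue
        m = re.match(r'<(Directory|LocationMatch)\s+"([^"]+)">', s, re.I)
        if m:
            section = (m.group(1).lower(), m.group(2))
            if section[0] == 'locationmatch':
                pattern = re.compile(m.group(2))
        elif re.match(r'</(Directory|LocationMatch)>', s, re.I):
            section = None
        elif s.lower().startswith('alias '):
            aliases.append(s.split()[1])
        elif section and ACCESS.match(s):
            if section[0] == 'directory' and section[1] not in leftover:
                leftover.append(section[1])
            elif section[0] == 'locationmatch' and s.lower().startswith('allow from'):
                allowed += s.split()[2:]
    uncovered = [a for a in aliases if not (pattern and pattern.match(a))]
    return leftover, uncovered, allowed
```

Call `audit()` on the text of the edited file; an empty first list means step FIRST is complete, and any path in the second list is served without the IP restriction from this block.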