## New XAMPP security concept (Apache 2.2)

No Comments »

hey

The new version of Apache 2.2 (installed with xampplite) comes with a set of new securities and I was installing WordPress for a friend of mind and it was a real pain in the a** to get his website published on the Internet.

Eventually, (just stick with it.. you’ll find the light.. initially we just get blinded by the “problem” and the problem of it being another new problem..) it was written very clearly at the end of the file

D:\xampplite\apache\conf\extra\httpd-xampp.conf

## New XAMPP security concept
<LocationMatch “^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))”>
Order Deny,Allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
For me it only made sense to make it all accessible through the Internet (.. the beauty of having it all anywhere in a webpage :) .. ) so I just changed
Deny from all to Allow from all

Just be careful though to put a password on MySQL database and changing the Acces through PhpMyAdmin..

Step 1:  Go into Phpmyadmin and change the mysql password..

- open your phpmyadmin page..
- Go to priviledges
- Edit Root Priviliges
- Change Password

Step 2:  Change the access method of phpmyadmin for Log-in..

D:\xampplite\phpMyAdmin

$cfg['Servers'][$i]['auth_type']            = ‘cookie‘;
$cfg['Servers'][$i]['user']                 = ‘root’;
$cfg['Servers'][$i]['password']             = ‘MyPassword‘;
$cfg['Servers'][$i]['AllowNoPassword']      = true;

And that’s it.. all good to go..

Well not quite for me.. we wanted to another “vitual directory” (the Microsoft guy would say) or rather an Alias (the Linux guy would say) that would give a /oterdirectory to a completely different folder on the disk..
http://www.mysite.com -> c:\xampplite\htdocs
http://www.mysite.com/software -> d:\MySoftware

Ok that was another tricky one since we have those additional securities of Apache right??.. Well turned out pretty simple to add.. Just set the securities on the folder as read for Everyone, then edit the file and add the following just before the </ifModule>..

D:\xampplite\apache\conf\extra\httpd-xampp.conf

Alias /software “D:/MySoftware/”
<Directory “D:/MySoftware/”>
Options Indexes
Order Deny,Allow
Allow from all
</Directory>

(Oh, Option Indexes - That is to make the folder Internet browesable.)

Posted on October 23rd 2009 in IT/ Network Admin, LAMP-sites