Wednesday, August 29, 2012

Solution for New XAMPP security concept in Ubuntu

When you use phpMyAdmin in XAMPP 1.8.0, you will face this problem. To avoid it, you need to make some changes in the httpd-xampp.conf file.



1. Open the file as superuser:

sudo gedit /opt/lampp/etc/extra/httpd-xampp.conf

It will look like this:

<IfDefine PHP4>
LoadModule php4_module    modules/libphp4.so
</IfDefine>
<IfDefine PHP5>
LoadModule php5_module    modules/libphp5.so
</IfDefine>
# Disabled in XAMPP 1.8.0-beta2 because of current incompatibilities with Apache 2.4
# LoadModule perl_module    modules/mod_perl.so
Alias /phpmyadmin "/opt/lampp/phpmyadmin"
Alias /phpsqliteadmin "/opt/lampp/phpsqliteadmin"
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpmyadmin">
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all
</Directory>
<Directory "/opt/lampp/phpsqliteadmin">
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all
</Directory>
# since LAMPP 1.0RC1
AddType application/x-httpd-php .php .php3 .php4
XBitHack on
# since 0.9.8 we've mod_perl
<IfModule mod_perl.c>
    AddHandler perl-script .pl
    PerlHandler ModPerl::PerlRunPrefork
    PerlOptions +ParseHeaders
    PerlSendHeader On
</IfModule>
# demo for mod_perl responsehandler
#PerlModule Apache::CurrentTime
#<Location /time>
#   SetHandler modperl
#   PerlResponseHandler Apache::CurrentTime
#</Location>
# AcceptMutex sysvsem is default but on some systems we need this
# thanks to jeff ort for this hint
#AcceptMutex flock
#LockFile /opt/lampp/logs/accept.lock
# this makes mod_dbd happy - oswald, 02aug06
# mod_dbd doesn't work in Apache 2.2.3: getting always heaps of "glibc detected *** corrupted double-linked list" on shutdown - oswald, 10sep06
#DBDriver sqlite3
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 \
        fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
        81.196.40.94/32
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>


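2. Change it as follows (the changes were highlighted in red in the original post): add "Require all granted" to both <Directory> blocks, and in the <LocationMatch> block replace "Deny from all" and the restricted "Allow from" list with "Allow from all".
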
<IfDefine PHP4>
LoadModule php4_module    modules/libphp4.so
</IfDefine>
<IfDefine PHP5>
LoadModule php5_module    modules/libphp5.so
</IfDefine>
# Disabled in XAMPP 1.8.0-beta2 because of current incompatibilities with Apache 2.4
# LoadModule perl_module    modules/mod_perl.so
Alias /phpmyadmin "/opt/lampp/phpmyadmin"
Alias /phpsqliteadmin "/opt/lampp/phpsqliteadmin"
# since XAMPP 1.4.3
<Directory "/opt/lampp/phpmyadmin">
    AllowOverride AuthConfig Limit
    Require all granted
    Order allow,deny
    Allow from all
</Directory>
<Directory "/opt/lampp/phpsqliteadmin">
    AllowOverride AuthConfig Limit
    Require all granted
    Order allow,deny
    Allow from all
</Directory>
# since LAMPP 1.0RC1
AddType application/x-httpd-php .php .php3 .php4
XBitHack on
# since 0.9.8 we've mod_perl
<IfModule mod_perl.c>
    AddHandler perl-script .pl
    PerlHandler ModPerl::PerlRunPrefork
    PerlOptions +ParseHeaders
    PerlSendHeader On
</IfModule>
# demo for mod_perl responsehandler
#PerlModule Apache::CurrentTime
#<Location /time>
#   SetHandler modperl
#   PerlResponseHandler Apache::CurrentTime
#</Location>
# AcceptMutex sysvsem is default but on some systems we need this
# thanks to jeff ort for this hint
#AcceptMutex flock
#LockFile /opt/lampp/logs/accept.lock
# this makes mod_dbd happy - oswald, 02aug06
# mod_dbd doesn't work in Apache 2.2.3: getting always heaps of "glibc detected *** corrupted double-linked list" on shutdown - oswald, 10sep06
#DBDriver sqlite3
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Allow from all
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

Then restart XAMPP.

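If you are concerned about security, do not use this method: it removes the restriction that limited /xampp, /security, /phpmyadmin, /server-status and the other paths in the LocationMatch pattern to the addresses listed in the original block, so any client that can reach the server can request them.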
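
A restricted alternative to the LocationMatch change in step 2, added here as an example and not part of the original post. It uses Apache 2.4 Require syntax and assumes the admin pages only need to be reachable from the server itself and from private address ranges; the "Require all granted" lines added to the Directory blocks in step 2 stay as they are.

```apache
# Added example (not from the original post). Apache 2.4, mod_authz_host.
# Assumption: admin pages are needed only from this host and private LAN ranges.

# Weak form from step 2, shown commented out for comparison:
# any client that can reach the server may request these paths.
#<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
#    Order deny,allow
#    Allow from all
#    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
#</LocationMatch>

# Restricted form. <LocationMatch> sections are merged after <Directory>
# sections, and with the default "AuthMerging Off" the Require lines here
# replace the "Require all granted" inherited from the <Directory> blocks
# for every URL that matches the pattern.
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    # Several Require lines outside a container behave as <RequireAny>:
    # a request is allowed if it matches at least one of them.
    # "local" covers 127.0.0.0/8, ::1 and requests where client and
    # server address are the same.
    Require local
    # Private IPv4 ranges, as in the stock XAMPP block.
    Require ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    # IPv6 unique local addresses, as in the stock XAMPP block.
    Require ip fc00::/7
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

# Note: /phpsqliteadmin is not part of the pattern above, so its
# <Directory> block alone decides who may reach it.
```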

1 comment:

  1. Amazing! I am so happy that I found this article. You have posted the complete solution for new xampp security. This article is of great help to me and I will share it with all my friends too.
    digital certificate
