Archive for February, 2013

February 10, 2013

Access forbidden! New XAMPP security concept fix

by Jay Jonas

XAMPP is a great tool for developers running Windows. But if you are using virtual hosts and maybe you are stuck on  this error message:

Access forbidden! New XAMPP security concept

Open httpd-xampp.conf which is at  <xampp_path>/apache/conf/extra/

Comment this section:

 #
 # New XAMPP security concept
 #
 #<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
 # Order deny,allow
 # Deny from all
 #
 # Allow from ::1 127.0.0.0/8 \
 # fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
 # fe80::/10 169.254.0.0/16 192.168.1.0/16
 #
 # ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
 #</LocationMatch>

And insert these sections as  following:

#
# New XAMPP security concept
#

 # Close XAMPP security section here
 <LocationMatch "^/(?i:(?:security))">
     Order deny,allow
     Deny from all
     Allow from ::1 127.0.0.0/8
     ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
 </LocationMatch>

# Close XAMPP sites here
 <LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
     Order deny,allow
     Deny from all
     Allow from ::1 127.0.0.0/8
     ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
 </LocationMatch>

#
# My VHosts security concept
#
# if you are using virtual hosts
# stored outside of xampp folders
#
<DirectoryMatch "D:/dev/wwwroots/(.*)/wwwroot/*">
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/8

    ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</DirectoryMatch>

Then now open http-vhosts.conf that is into the same location.

Add this section:

<VirtualHost *:80>
     DocumentRoot "D:/path/to/xampp/htdocs"

     ServerName localhost:80
     <Directory "D:/path/to/xampp/htdocs">
         IndexOptions +FancyIndexing NameWidth=*
         Options Includes FollowSymLinks Indexes ExecCGI
         AllowOverride All
         Require all granted
     </Directory>
 </VirtualHost>

Finally a sample for setting a virtual host stored in a different folder:

<VirtualHost *:80>
     ServerAdmin webmaster@dev.sample.com
     DocumentRoot D:/dev/wwwroots/dev.sample.com/wwwroot

     ServerName dev.sample.com
     ServerAlias dev.sample.com *.dev.sample.com

     ErrorLog D:/dev/wwwroots/dev.sample.com/logs/error_log.txt
     CustomLog D:/dev/wwwroots/dev.sample.com/logs/access_log.txt common

     <Directory "D:/dev/wwwroots/dev.sample.com/wwwroot">
         IndexOptions +FancyIndexing NameWidth=*
         Options Includes FollowSymLinks Indexes ExecCGI
         AllowOverride All
         Require all granted
     </Directory>
 </VirtualHost>