New xampp security concept: Access Forbidden Error 403 - Windows 7 - phpMyAdmin

user3202433 picture user3202433 · Jan 16, 2014 · Viewed 299.8k times · Source

I have downloaded and installed XAMPP 1.8.1 for Windows on Windows 7 Ultimate. I have set up XAMPP to run together with IIS as per these instructions

All good so far, my PHP sites run locally and everything except phpMyAdmin is available from the XAMPP menu.

However when I try to access phpMyAdmin I get this error:

Access forbidden!

New XAMPP security concept:

Access to the requested directory is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

I've found several answers via Google and some on this site. However, so far, none of the solutions I've tried have resolved the issue.

Here is my httpd-xampp.conf file:

#
# XAMPP settings
#

<IfModule env_module>
    SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
    SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
    SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
    SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
    SetEnv PHPRC "\\xampp\\php"
    SetEnv TMP "\\xampp\\tmp"
</IfModule>

#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadModule php5_module "C:/xampp/php/php5apache2_4.dll"

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

#
# PHP-CGI setup
#
#<FilesMatch "\.php$">
#    SetHandler application/x-httpd-php-cgi
#</FilesMatch>
#<IfModule actions_module>
#    Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
#</IfModule>


<IfModule php5_module>
    PHPINIDir "C:/xampp/php"
</IfModule>

<IfModule mime_module>
    AddType text/html .php .phps
</IfModule>

ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
    AllowOverride None
    Options None
    Require all denied
    <Files "php-cgi.exe">
          Require all granted
    </Files>
</Directory>

<Directory "C:/xampp/cgi-bin">
    <FilesMatch "\.php$">
        SetHandler cgi-script
    </FilesMatch>
    <FilesMatch "\.phps$">
        SetHandler None
    </FilesMatch>
</Directory>

<Directory "C:/xampp/htdocs/xampp">
    <IfModule php5_module>
        <Files "status.php">
            php_admin_flag safe_mode off
        </Files>
    </IfModule>
    AllowOverride AuthConfig
</Directory>

<IfModule alias_module>
    Alias /security "C:/xampp/security/htdocs/"
    <Directory "C:/xampp/security/htdocs">
        <IfModule php5_module>
            <Files "xamppsecurity.php">
                php_admin_flag safe_mode off
            </Files>
        </IfModule>
        AllowOverride AuthConfig
        Require all granted
   </Directory>

    Alias /licenses "C:/xampp/licenses/"
    <Directory "C:/xampp/licenses">
        Options +Indexes
        <IfModule autoindex_color_module>
            DirectoryIndexTextColor  "#000000"
            DirectoryIndexBGColor "#f8e8a0"
            DirectoryIndexLinkColor "#bb3902"
            DirectoryIndexVLinkColor "#bb3902"
            DirectoryIndexALinkColor "#bb3902"
        </IfModule>
        Require all granted
   </Directory>

    Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
    <Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig Limit
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    Alias /webalizer "C:/xampp/webalizer/"
    <Directory "C:/xampp/webalizer">
        <IfModule php5_module>
            <Files "webalizer.php">
                php_admin_flag safe_mode off
            </Files>
        </IfModule>
        AllowOverride AuthConfig
        Require all granted
    </Directory>
</IfModule>

#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    Order deny,allow
    Allow from all
    Require all granted

    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

Does anyone have any idea as to what I'm missing?

Answer

Messerchtmitt Longbow picture Messerchtmitt Longbow · Feb 23, 2015

All you have to do is to edit the httpd-xampp.conf

from Require local to Require all granted in the LocationMatch tag.

That's it!