How to block by IP with Apache

I am trying to set up an Apache restriction by IP.
I tested with my own IP, either by blocking myself or by accepting only the other IP.
Apache was restarted; I really don't know what the problem could be.
I could access the page despite the restriction.
All the examples I found on the web are below:
<Location /home>
SetEnvIf X-Forwarded-For ^xxx\.xxx\.xxx\.xxx access
Order allow,deny
Satisfy Any
Allow from env=access
</Location>
<Location /home>
Order Deny,Allow
Deny from All
Allow from xxx.xxx.xxx.xxx
Deny from All
Satisfy Any
</Location>
<ProxyMatch "/home/*" >
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</ProxyMatch>
<LocationMatch "/home">
Order Allow,Deny
Allow from all
SetEnvif X-Forwarded-For "xxx\.xxx\." DenyAccess
Deny from env=DenyAccess
</LocationMatch>
<Location "/home">
Order Allow,Deny
Allow from all
SetEnvIf X-Forwarded-For ^xxx\.xxx\. denyAccess
Deny from env=denyAccess
</Location>
<Location "/home">
SetEnvIf X-Forwarded-For ^xxx\.xxx\. access
Order allow,deny
Satisfy Any
Allow from env=access
</Location>
Thanks

You can do it via the Require not ip xxx.xxx.xxx.xxx directive.
Documentation here: https://httpd.apache.org/docs/2.4/howto/access.html

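Apache 2.4 has a different structure, using Require:
# <Files> matches file names only; /home is a URL path, so use <Location>
<Location /home>
# A negated Require is only valid inside <RequireAll>
<RequireAll>
Require all granted
Require not ip xx.xx.xx.xx
</RequireAll>
</Location>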

Related

Deny certain IP's

I need to deny certain IPs all access, but I don't see anything being denied.
I put this code in my ssl.conf, inside the VirtualHost section:
<LocationMatch "/.*">
Order Allow,Deny
Allow from all
SetEnvif X-Forwarded-For "93\.176\.144\.153" DenyAccess
SetEnvif X-Forwarded-For "139\.162\.206\.138" DenyAccess
Deny from env=DenyAccess
</LocationMatch>
Why does this configuration not run correctly?
Thanks in advance
This method does not work? Even in an .htaccess file?
Order Allow,Deny
Allow from all
Deny from 93.176.144.153 139.162.206.138
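
The SetEnvIf X-Forwarded-For rules in this question and in the first question above test the header text, while Allow/Deny from and Require ip test the connecting address. As an added example (not code from either thread), this Python model compares the two views, resolving the header right to left in the way mod_remoteip documents for trusted proxies; the proxy address 10.0.0.5 and the three requests are constructed assumptions.

```python
import ipaddress
import re

TRUSTED_PROXIES = {"10.0.0.5"}               # assumption: the reverse proxy's address
BLOCKED = "93.176.144.153"                   # address from the ssl.conf question
DENY_RE = re.compile(r"93\.176\.144\.153")   # its SetEnvIf pattern (unanchored)

def client_address(peer, xff):
    """Resolve the client right to left: accept an X-Forwarded-For entry
    only while the hop that reported it is a trusted proxy."""
    current = peer
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    while hops and current in TRUSTED_PROXIES:
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break                            # malformed entry: stop at last good address
        current = candidate
    return current

def header_rule_fires(xff):
    """SetEnvIf view: regex over the raw header text; no header, no match."""
    return bool(DENY_RE.search(xff or ""))

def address_rule_fires(peer, xff):
    """Address view: compare the resolved client address with the blocked one."""
    return client_address(peer, xff) == BLOCKED

# Constructed requests: (TCP peer address, X-Forwarded-For header or None)
REQUESTS = {
    "blocked client via proxy": ("10.0.0.5", "93.176.144.153"),
    "blocked client, direct connection": ("93.176.144.153", None),
    "other client, header lists blocked IP": ("10.0.0.5", "93.176.144.153, 198.51.100.20"),
}

def compare():
    """Map each request to (header rule fires, address rule fires)."""
    return {name: (header_rule_fires(xff), address_rule_fires(peer, xff))
            for name, (peer, xff) in REQUESTS.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:40} header={result[0]!s:5} address={result[1]}")
```

A header rule never fires for a client that reaches Apache without passing the proxy, and it fires on entries the proxy did not add itself. The same mismatch applies to the Allow from env=access variants in the first question, where the header text rather than the connecting address grants access.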

phpmyadmin login only local area network

I have a question about logging in to phpMyAdmin.
I would like to show the phpMyAdmin login page ONLY to PCs and cellphones connected to the local area network.
Here is my info:
CentOS 7.2
phpmyadmin 4.4.15.8
Apache 2.4.6
PHP 7.0.13
MariaDB 10.1.19
My server's private IP address is 192.168.0.12
My router is 192.168.0.1
Here is my current code (with which all PCs and devices can see the phpMyAdmin login page):
/etc/httpd/conf.d/phpMyAdmin.conf
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
Change the Apache 2.4 lines in the phpMyAdmin directory section to match your local network:
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require local
# HERE put your network address (a comment must be on its own line)
Require ip 192.168.1
</RequireAny>
</IfModule>
</Directory>
Or to be even more specific
Require local
Require ip 192.168.1.100
Require ip 192.168.1.101

XAMPP: Connecting to localhost fix? [Persistent]

I just installed XAMPP Windows 1.8.2 on my computer. Port 80 is secured and in use by Apache; there are no problems or port conflicts. I always open XAMPP and start both the Apache and MySQL modules in the control panel. Both modules are running. Whenever I click on the Apache admin button it redirects me to the localhost page. It takes a while to load and then this error shows up.
If it's too small for you guys the error says: Network Error (tcp_error)
A communication error occurred: "Connection refused"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.
Another error shows up if I try with 127.0.0.1:
The localhost changes to 130.147.134.66. NOTE: I use a proxy network and the IP address is 130.147.134.251.
I have tried changing and updating the hosts file in C:\Windows\System32\Drivers\Etc\hosts, but the problem still persists.
Keep in mind that I am new to using XAMPP, and it's been only a week since I started using phpMyAdmin and MySQL.
My httpd-xampp.conf file:
#
# XAMPP settings
#
<IfModule env_module>
SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
SetEnv PHPRC "\\xampp\\php"
SetEnv TMP "\\xampp\\tmp"
</IfModule>
#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadModule php5_module "C:/xampp/php/php5apache2_4.dll"
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
#
# PHP-CGI setup
#
#<FilesMatch "\.php$">
# SetHandler application/x-httpd-php-cgi
#</FilesMatch>
#<IfModule actions_module>
# Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
#</IfModule>
<IfModule php5_module>
PHPINIDir "C:/xampp/php"
</IfModule>
<IfModule mime_module>
AddType text/html .php .phps
</IfModule>
ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
AllowOverride None
Options None
Require all denied
<Files "php-cgi.exe">
Require all granted
</Files>
</Directory>
<Directory "C:/xampp/cgi-bin">
<FilesMatch "\.php$">
SetHandler cgi-script
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler None
</FilesMatch>
</Directory>
<Directory "C:/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
<IfModule alias_module>
Alias /security "C:/xampp/security/htdocs/"
<Directory "C:/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
Order deny,allow
Deny from all
Allow from localhost
</Directory>
Alias /licenses "C:/xampp/licenses/"
<Directory "C:/xampp/licenses">
Options +Indexes
<IfModule autoindex_color_module>
DirectoryIndexTextColor "#000000"
DirectoryIndexBGColor "#f8e8a0"
DirectoryIndexLinkColor "#bb3902"
DirectoryIndexVLinkColor "#bb3902"
DirectoryIndexALinkColor "#bb3902"
</IfModule>
Require all granted
</Directory>
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Order allow,deny
Allow from all
Require all granted
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Require all granted
</Directory>
</IfModule>
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
It's already giving you the answer.
Look at your second picture.
This setting can be configured in the file "httpd-xampp.conf"
How to "fix" this:
either: disable your proxy for local addresses
or:
1) open the file "\xampp\apache\conf\extra\httpd-xampp.conf" in a text editor
2) replace "Allow from localhost" with "Allow from YOURLOCALIP" (2 times)
3) save the file
4) restart Apache
See http://www.apachefriends.org/f/viewtopic.php?t=32503#p131519 too
Edit:
It's in lines 120-128:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16 \
YOURLOCALIP <--------------------------------------------------------------
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Your security configuration for XAMPP is specified in the LocationMatch as chill0r mentioned, on lines 120-128.
Your configuration is allowing from ::1 127.0.0.0/8 \, fc00::/7 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and fe80::/10 169.254.0.0/16 which will never be matched since you're using a proxy AND it's denying everything. This is where the Order statement comes in. It tells your configuration to match against deny first then allow, so it will always deny since you have Deny all.
You need to change your configuration so that it doesn't deny everything and allows at least your own IP. Since it sounds like you're running a local dev environment and not exposing it, you can consider removing all restrictions:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Allow from all
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
If you do this, configure your firewall to prevent port 80 access from outside your network (this can be done on your machine or router). Alternatively, you can configure it to work for an IP range using a partial IP that includes your proxy:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order allow,deny
Deny from all
Allow from 130.147.134
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Notice that the Order changed from deny,allow to allow,deny so it will check against the allow statement first.
I also noticed that the two requests were for different paths, the first one is "/" and the second is "/xampp/" and the latter is the one that wasn't refused.
In your IfModule alias_module you should add an alias:
Alias "/" "C:/xampp/htdocs/xampp"
This will help you get off the ground, but you'll need to make sure to learn about the directives, specifically Alias and AliasMatch as your routing gets more complicated. Alternatively, you could just develop in the C:/xampp/htdocs/ directory instead of C:/xampp/htdocs/xampp.
Before starting the XAMPP server, make sure that other running services, like Skype and other servers which are using the same port number, are closed.
I had the same problem, the solution is easier than other answers.
1) Install XAMPP in your pc, in this case, Windows 8.
2) Start > Administrative Tools > Services > Web Deployment Agent service and press STOP.
Usually Web Deployment uses port 80 which is the port used by XAMPP by default. If you stop that process and write localhost in your web browser you should be able to access phpmyadmin.
Hope it helps :)
Follow the steps below:
In XAMPP, on the Apache module, select the Config button, then httpd.conf.
Comment out "Deny from all" in the following section:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Restart XAMPP (important step)
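
The answers in this thread turn on how Apache 2.2 combines Order, Allow and Deny. As an added example (not code from the thread), this Python model of the documented mod_authz_host rules evaluates the rule variants posted above for three client addresses. The second variant combines the first answer's extra Allow entry with the 130.147.134 subnet from the second answer, 203.0.113.7 is a constructed outside address, and hostnames such as localhost are not modelled.

```python
import ipaddress

def matches(spec, ip):
    """True if client `ip` matches one Allow/Deny argument:
    "all", a CIDR block, a full address or a partial IPv4 address."""
    if spec.lower() == "all":
        return True
    addr = ipaddress.ip_address(ip)
    if "/" in spec or ":" in spec:
        return addr in ipaddress.ip_network(spec, strict=False)
    want = spec.rstrip(".").split(".")       # "130.147.134" -> leading octets
    return addr.version == 4 and ip.split(".")[:len(want)] == want

def allowed(order, allow, deny, ip):
    """Apache 2.2 mod_authz_host decision for one client address."""
    hit_allow = any(matches(s, ip) for s in allow)
    hit_deny = any(matches(s, ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":      # Allow overrides Deny; no match = allowed
        return hit_allow or not hit_deny
    if order == "allow,deny":      # Deny overrides Allow; no match = denied
        return hit_allow and not hit_deny
    raise ValueError("unsupported Order: " + order)

# Address ranges from the XAMPP LocationMatch block in the question
PRIVATE = ["::1", "127.0.0.0/8", "fc00::/7", "10.0.0.0/8", "172.16.0.0/12",
           "192.168.0.0/16", "fe80::/10", "169.254.0.0/16"]
RULES = {   # name: (Order, Allow from ..., Deny from ...)
    "stock rule": ("deny,allow", PRIVATE, ["all"]),
    "stock rule + Allow from 130.147.134": ("deny,allow", PRIVATE + ["130.147.134"], ["all"]),
    "Order allow,deny + Deny from all": ("allow,deny", ["130.147.134"], ["all"]),
    "Deny from all commented out": ("deny,allow", PRIVATE, []),
}
CLIENTS = ["127.0.0.1", "130.147.134.66", "203.0.113.7"]   # last one is constructed

def decision_table():
    """Map each rule variant to {client address: allowed?}."""
    return {name: {ip: allowed(o, a, d, ip) for ip in CLIENTS}
            for name, (o, a, d) in RULES.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(f"{name:38}", row)
```

Under these rules a matching Deny always wins with Order allow,deny, so Deny from all rejects every client. With Order deny,allow and no Deny line, every address is allowed, including ones outside the private ranges.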

How to block URL pattern using Apache with mod_wsgi

I have a web2py application run under Apache via mod_wsgi. How do I restrict access to the admin page (www.myapp.com/admin) based on source IP?
Ideally, I do it directly within Apache for two reasons: 1) I assume that Apache has more effective access to the source IP [citation needed] and 2) I don't feel like modifying the stock admin page in web2py to block specific IPs.
My (abridged) configuration looks something like this:
<VirtualHost *:80>
WSGIDaemonProcess web2py user=myapp group=myapp
WSGIProcessGroup web2py
WSGIScriptAlias / /home/myapp/myapp/wsgihandler.py
TimeOut 45
ServerName myapp.com
ServerAlias www.myapp.com
<Directory /home/myapp/myapp>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
#======================================
# THIS IS WHAT I TRIED THAT DIDN'T WORK
<Directory /home/myapp/myapp/admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
#======================================
AliasMatch ^/static/(.*) \
/home/myapp/myapp/applications/myapp/static/$1
<Directory /home/myapp/myapp/applications/myapp/static/>
Options -Indexes
Order Allow,Deny
Allow from all
</Directory>
# HTTPS enforcement
# Out of convenience, forward /a* to https, covers /admin /appadmin and /a (front facing admin)
RedirectMatch ^/a(.*) https://myapp.com/a$1
RedirectMatch ^/c/(.*) https://myapp.com/c/$1
RedirectMatch ^/w/user/login(?:/(.*)|$) https://myapp.com/w/user/login/$1
RedirectMatch ^/w/user/register(?:/(.*)|$) https://myapp.com/w/user/register/$1
CustomLog /var/log/apache2/access.log common
ErrorLog /var/log/apache2/error.log
</VirtualHost>
Note that I have a similar VirtualHost for port 443. I just didn't include it for the sake of redundancy.
Normally, it is my understanding that I could use something like the directory notation to deny access to certain directories. However, the above didn't work and I wonder if it has to do with the WSGIScriptAlias directive.
Use:
<Location /admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>

.htaccess deny all --> directoryindex not working (deny all & whitelisting files)

I would like to deny access to all files and directories on the server except for a few that I explicitly allow. How can I do that with .htaccess? Why does my approach not work? I am aware I will have to allow .css, .jpg etc.
DirectoryIndex index.html
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files index.html>
order Allow,Deny
Allow from all
</Files>
edit: the above .htaccess gives me a "Forbidden" error when I try to access index.html. why?
edit: this seems to do the trick. I hope there are no holes left:
#Disallow everything
<filesmatch "\.+">
Order Allow,Deny
Deny from all
</filesmatch>
#Allow index
<Files index.html>
order Allow,Deny
Allow from all
</Files>
#Allow peripheral files
<FilesMatch "\.(css|png|jpg|js|ico)$">
Order Allow,Deny
Allow from all
</FilesMatch>
IP address 127.0.0.1 has access to your server and others don't.
This part:
<Files index.html>
order Allow,Deny
Allow from all
</Files>
sets access to index.html for all users, BUT remember that because you did not mention anything about other files, they have default access attributes.
For example, the code below allows the files 01.jpeg or 01.html or anything ending with xml.
# FilesMatch has no "!" negation; a negative lookahead selects all other files
<FilesMatch "^(?!.*(01\.jpe?g|01\.html|xml)$)">
order Allow,Deny
allow from 127.0.0.1
</FilesMatch>