I have configured apache to whitelist certain IP range which supposed to access the website.
Now if request doesn't come from IP range, It shows 403 , which is expected. But If I hit from that IP range, not any page loads and message shows "site not reachable". Below is the vhost config file. Can someone figure out whats going wrong here.
<VirtualHost *:80>
<IfModule mod_headers.c>
</IfModule>
<Directory />
<RequireAny>
Require env AllowIP
</RequireAny>
#Allowing IPs Range Below
Allow from xx.xx.xxx.x/xx
Order deny,allow
Deny from all
Allow from env=AllowIP
<IfModule disp_apache2.c>
</IfModule>
</Directory>
<Directory "${DOC_ROOT}">
AllowOverride None
Require all granted
</Directory>
<IfModule disp_apache2.c>
</IfModule>
<IfModule mod_rewrite.c>
</IfModule>
LogLevel debug
CustomLog logs/test.log combined
ErrorLog logs/error.com.log
</VirtualHost>
I'm setting up a virtual host for nagios with Apache 2.4 using mod_proxy_fcgi to forawrd php requests to php-fpm.
I wonder if it's the ProxyPassMatch that is making all of the local resources including images,js,css won't load when I go to 200.000.00:22222/nagios/index.php.
All of the resources are interpreted as Content-Type:text/html; charset=iso-8859-1 as shown in the response headers. They show 403 Forbidden error and in the error log it shows AH01630: client denied by server configuration.
/etc/httpd/conf.d/nagio.conf:
Listen 22222
<VirtualHost *:22222>
ServerName {IP}:22222
AddType image/jpeg jpeg jpg jpe
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
DocumentRoot "/usr/local/nagios"
<Directory "/usr/local/nagios/sbin">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<LocationMatch "/nagios/((.*\.php)(/.*)?)$">
ProxyPassMatch "fcgi://localhost:9000/usr/local/nagios/share/$1"
</LocationMatch>
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
You need a <Directory /usr/local/nagios> section that permits Apache to serve from that directory. Basically, you need one of these for every Alias or DocumentRoot that isn't under an existing one.
Usually you just need "require all granted" or "order deny,allow (2.2.x and older) in the Directory section -- but check the ones for your existing DocumentRoot's
Hi everyone i am getting this error now is more than 7 hours but i still have know luck "You don't have permission to access /phpmyadmin on this server".
I followed the instructions and examples on the internet but i still get the same error.here is my how my file path "etc/httpd/conf.d/phpMyAdmin"
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
#Require ip 127.0.0.1
#Require ip ::1
Require ip 52.28.232.215
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
# Order Allow,Deny
Deny from All
Allow from All
# Allow from 127.0.0.1
#Allow from ::1
Allow from 52.28.232.215
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
# Require ip 127.0.0.1
Require ip 52.28.232.215
# Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
# Order Allow,Deny
#Deny from All
#Allow from 127.0.0.1
# Allow from ::1
Allow from 52.28.232.215
Allow from All
</IfModule>
</Directory>
I finally fixed this issue
added
Required all granted
on the first
# Apache 2.4
I was not aware that my apache is 2.4+
Thanks
I just installed XAMPP Windows 1.8.2 in my computer. Port 80 is secured and in use by Apache there are no problems nor any port conflicts. I always open Xampp and start both Apache and MySQL Modules in the control panel. Both modules are running, Whenever I click on the Apache admin button it redirects me to the localhost page, It takes a while to load and then this error shows up.
If it's too small for you guys the error says: Network Error (tcp_error)
A communication error occurred: "Connection refused"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.
Another error shows up if i try with 127.0.0.1:
The localhost changes to 130.147.134.66 NOTE: I use a proxy network and the IP address is 130.147.134.251.
I have tried changing and updating the hosts file in the C:\Windows\System32\Drivers\Etc\hosts. but the problem still persists.
Keep that in mind I am new to using Xampp, and its been only a week since I started using phpMyAdmin and MySQL
My httpd-xampp.conf file:
#
# XAMPP settings
#
<IfModule env_module>
SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
SetEnv PHPRC "\\xampp\\php"
SetEnv TMP "\\xampp\\tmp"
</IfModule>
#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadModule php5_module "C:/xampp/php/php5apache2_4.dll"
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
#
# PHP-CGI setup
#
#<FilesMatch "\.php$">
# SetHandler application/x-httpd-php-cgi
#</FilesMatch>
#<IfModule actions_module>
# Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
#</IfModule>
<IfModule php5_module>
PHPINIDir "C:/xampp/php"
</IfModule>
<IfModule mime_module>
AddType text/html .php .phps
</IfModule>
ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
AllowOverride None
Options None
Require all denied
<Files "php-cgi.exe">
Require all granted
</Files>
</Directory>
<Directory "C:/xampp/cgi-bin">
<FilesMatch "\.php$">
SetHandler cgi-script
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler None
</FilesMatch>
</Directory>
<Directory "C:/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
<IfModule alias_module>
Alias /security "C:/xampp/security/htdocs/"
<Directory "C:/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
Order deny,allow
Deny from all
Allow from localhost
</Directory>
Alias /licenses "C:/xampp/licenses/"
<Directory "C:/xampp/licenses">
Options +Indexes
<IfModule autoindex_color_module>
DirectoryIndexTextColor "#000000"
DirectoryIndexBGColor "#f8e8a0"
DirectoryIndexLinkColor "#bb3902"
DirectoryIndexVLinkColor "#bb3902"
DirectoryIndexALinkColor "#bb3902"
</IfModule>
Require all granted
</Directory>
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Order allow,deny
Allow from all
Require all granted
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Require all granted
</Directory>
</IfModule>
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
It's already giving you the answer.
Look at your second picture.
This setting can be configured in the file "httpd-xampp.conf"
How to "fix" this:
either: disable your proxy for local addresses
or:
1) open the file "\xampp\apache\conf\extra\httpd-xampp.conf" in a texteditor
2) replace "Allow from localhost" with "Allow from YOURLOCALIP" (2 times)
3) save the file
4) restart Apache
See http://www.apachefriends.org/f/viewtopic.php?t=32503#p131519 too
Edit:
It's in line 120-128:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16 \
YOURLOCALIP <--------------------------------------------------------------
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Your security configuration for XAMPP is specified in the LocationMatch as chill0r mentioned, on lines 120-128.
Your configuration is allowing from ::1 127.0.0.0/8 \, fc00::/7 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and fe80::/10 169.254.0.0/16 which will never be matched since you're using a proxy AND it's denying everything. This is where the Order statement comes in. It tells your configuration to match against deny first then allow, so it will always deny since you have Deny all.
You need to change your configuration so that it doesn't deny everything and allows at least your own IP. Since it sounds like your running a local dev environment and not exposing it, you can consider removing all restrictions:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Allow from all
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
If you do this, configure your firewall prevent port 80 access from outside your network (this can be done on your machine or router). Alternatively, you can configure it to work for an IP range using a partial IP that includes your proxy:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order allow,deny
Deny from all
Allow from 130.147.134
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Notice that the Order changed from deny,allow to allow,deny so it will check against the allow statement first.
I also noticed that the two requests were for different paths, the first one is "/" and the second is "/xampp/" and the latter is the one that wasn't refused.
In your IfModule alias_module you should add an alias:
Alias "/" "C:/xampp/htdocs/xampp"
This will help you get off the ground, but you'll need to make sure to learn about the directives, specifically Alias and AliasMatch as your routing gets more complicated. Alternatively, you could just develop in the C:/xampp/htdocs/ directory instead of C:/xampp/htdocs/xampp.
Before starting the XAMPP server make sure that other running services are closed like Skype and other servers which is using the same port number.
I had the same problem, the solution is easier than other answers.
1) Install XAMPP in your pc, in this case, Windows 8.
2) Start > Administrative Tools > Services > Web Deployment Agent service and press STOP.
Usually Web Deployment uses port 80 which is the port used by XAMPP by default. If you stop that process and write localhost in your web browser you should be able to access phpmyadmin.
Hope it helps :)
Follow the below Steps
In XAMPP on the Apache Module ,Select Config button httpd.conf
Comment "Deny from all" in the following section,
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Restart the XAMPP (Important Step)
I have a web2py application run under Apache via mod_wsgi. How do I restrict access to the admin page (www.myapp.com/admin) based on source IP?
Ideally, I do it directly within Apache for two reasons: 1) I assume that Apache has more effective access to the source IP [citation needed] and 2) I don't feel like modifying the stock admin page in web2py to block specific IPs.
My (abridged) configuration looks something like this:
<VirtualHost *:80>
WSGIDaemonProcess web2py user=myapp group=myapp
WSGIProcessGroup web2py
WSGIScriptAlias / /home/myapp/myapp/wsgihandler.py
TimeOut 45
ServerName myapp.com
ServerAlias www.myapp.com
<Directory /home/myapp/myapp>
AllowOverride None
Order Allow,Deny
Deny from all
<Files wsgihandler.py>
Allow from all
</Files>
</Directory>
#======================================
# THIS IS WHAT I TRIED THAT DIDN'T WORK
<Directory /home/myapp/myapp/admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
#======================================
AliasMatch ^/static/(.*) \
/home/myapp/myapp/applications/myapp/static/$1
<Directory /home/myapp/myapp/applications/myapp/static/>
Options -Indexes
Order Allow,Deny
Allow from all
</Directory>
# HTTPS enforcement
# Out of convenience, forward /a* to https, covers /admin /appadmin and /a (front facing admin)
RedirectMatch ^/a(.*) https://myapp.com/a$1
RedirectMatch ^/c/(.*) https://myapp.com/c/$1
RedirectMatch ^/w/user/login(?:/(.*)|$) https://myapp.com/w/user/login/$1
RedirectMatch ^/w/user/register(?:/(.*)|$) https://myapp.com/w/user/register/$1
CustomLog /var/log/apache2/access.log common
ErrorLog /var/log/apache2/error.log
</VirtualHost>
Note that I have a similar VirtualHost for port 443. I just didn't include it for the sake of redundancy.
Normally, it is my understanding that I could use something like the directory notation to deny access to certain directories. However, the above didn't work and I wonder if it has to do with the WSGIScriptAlias directive.
Use:
<Location /admin>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>