New xampp security concept: Access Forbidden Error 403 - Windows 7 - phpMyAdmin
WindowsPhpmyadminXamppWindows Problem Overview
I have downloaded and installed XAMPP 1.8.1 for Windows on Windows 7 Ultimate. I have set up XAMPP to run together with IIS as per these instructions
All good so far, my PHP sites run locally and everything except phpMyAdmin is available from the XAMPP menu.
However when I try to access phpMyAdmin I get this error:
> Access forbidden! > > New XAMPP security concept: > > Access to the requested directory is only available from the local > network. > > This setting can be configured in the file "httpd-xampp.conf".
I've found several answers via Google and some on this site. However, so far, none of the solutions I've tried have resolved the issue.
Here is my httpd-xampp.conf file:
#
# XAMPP settings
#
<IfModule env_module>
SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
SetEnv PHPRC "\\xampp\\php"
SetEnv TMP "\\xampp\\tmp"
</IfModule>
#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadModule php5_module "C:/xampp/php/php5apache2_4.dll"
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
#
# PHP-CGI setup
#
#<FilesMatch "\.php$">
# SetHandler application/x-httpd-php-cgi
#</FilesMatch>
#<IfModule actions_module>
# Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
#</IfModule>
<IfModule php5_module>
PHPINIDir "C:/xampp/php"
</IfModule>
<IfModule mime_module>
AddType text/html .php .phps
</IfModule>
ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
AllowOverride None
Options None
Require all denied
<Files "php-cgi.exe">
Require all granted
</Files>
</Directory>
<Directory "C:/xampp/cgi-bin">
<FilesMatch "\.php$">
SetHandler cgi-script
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler None
</FilesMatch>
</Directory>
<Directory "C:/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
<IfModule alias_module>
Alias /security "C:/xampp/security/htdocs/"
<Directory "C:/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Require all granted
</Directory>
Alias /licenses "C:/xampp/licenses/"
<Directory "C:/xampp/licenses">
Options +Indexes
<IfModule autoindex_color_module>
DirectoryIndexTextColor "#000000"
DirectoryIndexBGColor "#f8e8a0"
DirectoryIndexLinkColor "#bb3902"
DirectoryIndexVLinkColor "#bb3902"
DirectoryIndexALinkColor "#bb3902"
</IfModule>
Require all granted
</Directory>
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
Require all granted
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Require all granted
</Directory>
</IfModule>
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Allow from all
Require all granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Does anyone have any idea as to what I'm missing?
Windows Solutions
Solution 1 - Windows
All you have to do is to edit the httpd-xampp.conf
from Require local to Require all granted in the LocationMatch tag.
That's it!
Solution 2 - Windows
In New Xampp
All you have to do is to edit the file:
> C:\xampp\apache\conf\extra\httpd-xampp.conf
and go to Directory tag as below:
> <Directory "C:/xampp/phpMyAdmin">
and then change
> Require local
To
> Require all granted
in the Directory tag.
Restart the Xampp. That's it!
Solution 3 - Windows
Require all granted seemed a bit to far for me. Looking at the documentation I used: Require ip 192.168
to allow all internal access.
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Require local
Require ip 192.168
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Solution 4 - Windows
Update for XAMPP 7.3.*
If you get into same problem for phpmyadmin in the newest XAMPP, as I had.
The solution is written inside the official documentation located in [XAMPP IP]/dashboard/docs/access-phpmyadmin-remotely.html
> To enable remote access to phpMyAdmin from other hosts, follow these steps:
> 1) Launch the stack manager by double-clicking the XAMPP icon in the mounted disk image.
> 2) Ensure that Apache and MySQL services are running in the "Services" tab of the stack manager (or start them as needed).
> 3) Open a new terminal from the "General" tab of the stack manager.
> 4) Edit the /opt/lampp/etc/extra/httpd-xampp.conf file.
> 5) Within this file, find the block <Directory "/opt/lampp/phpmyadmin">
>
> Update this block and replace Require local
with Require all granted
,
>
> 6) Save the file and restart the Apache service using the stack manager.
Note for section (4) To edit this file make sure you have vim installed.
Note for section (5) Instead of allowing access to all, which is highly insecure, if your computer is connected to a network. A safer approach is to limit the access to only set of IPs as suggested by @Gunnar Bernstein.
In my case I did:
<Directory "/opt/lampp/phpmyadmin">
AllowOverride AuthConfig Limit
Require local
Require ip 192.168
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
Solution 5 - Windows
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Require all granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Good luck!!!!
Solution 6 - Windows
Try to reinstall new version of XAMPP. Find "<Directory "C:/xampp/php">
" and then change to something like this
<Directory "C:/xampp/php">
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
Require all granted
</Directory>
Solution 7 - Windows
You will have to edit 2 files - 1. httpd-vhosts.conf & 2. httpd-xampp.conf
> NOTE : Make sure u backup files ( httpd-xampp.conf ) and ( > httpd-vhosts.conf ) , Both Files are located in > Drive:\xampp\apache\conf\extra
Open httpd-vhosts.conf file and in the bottom of the file change it
<VirtualHost *:80>
DocumentRoot “E:/xampp/htdocs/”
ServerName localhost
<Directory E:/xampp/htdocs/>.
Require all granted
</Directory>
</VirtualHost>
Here E:/xampp is my project workspace, you can change it as per your settings
and Second Change is on httpd-xampp.conf file and in the bottom of the file change it
#
# New XAMPP security concept
#
<LocationMatch “^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))”>
Order deny,allow
Allow from all
Allow from ::1 127.0.0.0/8
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Solution 8 - Windows
To access the requested directory other than local network, you need to change the XAMPP security concept
configured in the file "httpd-xampp.conf".
- File location
xampp\apache\conf\extra\httpd-xampp.conf
> Require Directive Selects which authenticated users can access a resource
>
> Syntax « Require entity-name [entity-name] ...
From « XAMPP security concept allows only local environment - Require local
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Require local
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
To « XAMPP security concept allows any environment - Require all granted
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Require all granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Access forbidden! message from HTML Page.
> Allow Directive Controls which hosts can access an area of the server
>
> Syntax « Allow from all|host|env=[!]env-variable [host|env=[!]env-variable] ...
Allowing only local environment. Using any of the below specified url's.
-
http://localhost/phpmyadmin/
-
http://127.0.0.1/phpmyadmin/
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))"> Order deny,allow Deny from all Allow from ::1 127.0.0.0/8 \ ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var </LocationMatch>
Allowing only to specified IPv4, IPv6 address spaces.
-
Link-local addresses for IPv4 are defined in the address block 169.254.0.0/16 in CIDR notation. In IPv6, they are assigned the address block
fe80::/10
-
A unique local address (ULA) is an IPv6 address in the block
fc00::/7
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))"> Order deny,allow Deny from all Allow from ::1 127.0.0.0/8 \ fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \ fe80::/10 169.254.0.0/16 ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var </LocationMatch>
Allowing for any network address. Allow from all
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Allow from all
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
404 - XAMPP Control Panel: Unable to start Apache HTTP server.
URL: http://localhost/xampp/index.php
Error «
Not Found
HTTP Error 404. The requested resource is not found.
Required default Apache HTTP server port 80 is actually used by other Service.
- You need to find the service running with port 80 and stop the service, then start the Apache HTTP server.
Use Netstat to displays active TCP connections, ports on which the computer is listening.
<!-- language-all: lang-cmd -->
C:\Users\yashwanth.m>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 2920
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1124
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 3340
TCP [::]:80 [::]:0 LISTENING 2920
C:\Users\yashwanth.m>netstat -ano |findstr 2920
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 2920
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2920
TCP [::]:80 [::]:0 LISTENING 2920
TCP [::]:443 [::]:0 LISTENING 2920
C:\Users\yashwanth.m>taskkill /pid 2920 /F
SUCCESS: The process with PID 2920 has been terminated.
<!-- language-all: lang-cmd -->
-
Change listening port from main Apache HTTP server configuration file
D:\xampp\apache\conf\httpd.conf
. Ex:81
. FromListen 80
ToListen 81
, the access URL will behttp://localhost:81/xampp/index.php
.# Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 0.0.0.0:80 #Listen [::]:80 Listen 80
For more information related to httpd and virtual host on XAMPP
Solution 9 - Windows
Comment out the line Require local in httpd-xampp.conf.
Restart Apache.
Worked for me connecting my mobile phone to my test web-site on my PC.
No idea of the security implications.
Solution 10 - Windows
just remove:
Alias /phpmyadmin "C:/xampp2/phpMyAdmin/"
<Directory "C:/xampp2/phpMyAdmin">
AllowOverride AuthConfig
Require all granted
</Directory>
and remove phpmyadmin from:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|server-status|server-info))">
Solution 11 - Windows
Some of the Answers are correct, but in case of working with new xampp or with some one not working other answers try this:
just go to the xampp folder:
> xampp/apache/conf/extra/httpd-xampp.conf
and if you are trying to access from local ip in your network so change,
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Require local
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
Change to :
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Require all granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
Note: this is just for text, for the security of the xampp has some search....
Solution 12 - Windows
In your xampppath\apache\conf\extra open file httpd-xampp.conf and find the below tag:
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
and add Allow from all
after Allow from ::1 127.0.0.0/8 {line}
Restart xampp, and you are done.
Solution 13 - Windows
If you're using a newer XAMPP (for example for PHP 5.6, 7) which is built with "Bitnami" installer and it includes Apache 2.4.x then this applies:
https://httpd.apache.org/docs/2.4/upgrading.html#run-time
> 2.2 configuration:
Order allow,deny
Allow from all
> 2.4 configuration:
Require all granted
This also applies to VirtualHost sections, if you have any custom virtualhost definitions.
Solution 14 - Windows
Ubuntu (Linux)
:- $ sudo gedit /opt/lampp/etc/extra/httpd-xampp.conf
Comment "Deny from all" in the following section,
Change file
> # New XAMPP security concept
> #
> fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
> fe80::/10 169.254.0.0/16
>
> ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
>
>
Solution 15 - Windows
For many it's a permission issue, but for me it turns out the error was brought about by a mistake in the form I was trying to submit. To be specific i had accidentally put ">" sign after the value of "action". So I would suggest you take a second look at your code
Solution 16 - Windows
I tried everything but nothing worked. So I just used : chmod -R 777 to htdocs. At least it's only in my local.
Solution 17 - Windows
A reason for this could be Skype as well! If you use the default XAMPP settings, they both would run on the same port (80). You can:
- Turn off Skype
- Change the XAMPP port
Solution 18 - Windows
> G:\xampp\apache\conf\extra\httpd-vhosts.conf
#start block
NameVirtualHost *:80
<VirtualHost *:80>
ServerName localhost
#change your directory name
DocumentRoot "G:\xampp\htdocs"
</VirtualHost>
#Your vertual Host
<VirtualHost *:80>
DocumentRoot "G:/xampp/htdocs/dev2018/guessbook"
ServerName dev.foreign-recruitment
<Directory "G:/xampp/htdocs/dev2018/guessbook/">
</Directory>
</VirtualHost>
#end block
Solution 19 - Windows
This could be because of wrong configuration, esp if your other sites are working fine.
<VirtualHost cmsdemo.git:88>
DocumentRoot "C:/Projects/rwp/"
ServerName cmsdemo.git
<Directory C:/Projects/cmsdemo/>
Require all granted
AllowOverride All
</Directory>
</VirtualHost>
Notice in DocumentRoot I am specifying one folder and in Directory, I am specifying another hence 403 Error. This fixed my problem.
Solution 20 - Windows
for anyone having problems when using xampp and IIS using windows,
check the xamp panel on apache which port is using
Let assume apache is using port 81
then try this
http://127.0.0.1:81/
for me worked like charm, it might help someone in future
Solution 21 - Windows
With Windows 10, these options don't work for me.
After reinstalling many times without understand the initial warning about User Account Control (UAC), it work me with these steps:
- Rename C:\xampp to C:\xampp_old,
- Create manually the C:\xampp folder
- Reinstall XAMPP in C:\xampp
- Move your app, if it was configurated, to new installation folder.
Now, if you want you can delete C:\xampp_old. I tried to install XAMPP in my desktop folder, but it failed me because my Windows user contains a space character and Apache doesn't run.