It came out a few days ago XAMPP 1.8.0 yesterday after upgrading from version 1.7.7 I had a pretty interesting problem. Phpmyadmin-а не ми се отваряше и изгърмяваше със 403

Access forbidden!


New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the filehttpd-xampp.conf”.

Веднага отворих httpd-xampp.conf който при мен се намира в /opt/lampp/etc/extra/, на пръв поглед всичко изглеждаше наред. The LAN rules were fine. Apart from opening from localhost. WTF ??? I looked at the log and saw that my access was cut off from the configuration. Тука вече нещата ме ахнаха и честно казано донякъде малко на късмет открих проблема. След като преглеждах httpd.conf-а видях в Allow/Deny клаузите един последен ред Require all granted. О да еврика. This is the new control mechanism that has entered apache 2.4.x. It gives access or denies access to all required, it generally mimics the Allow / Deny functionality :). To fix the problem add Require all granted in the / opt / lampp / phpmyadmin folder directives. After the changes, it looks like this to me

<Directory “/opt / lampp / phpmyadmin”>
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
Require all granted
</Directory>

 

Viangi can try other savages, for example to rename the phpmyadmin folder to something else and make an alias to no. But it's uglier and not very meaningful 🙂

p.s I was asked why I use XAMPP and not a clean installation of all components as my Debian gave birth to them – the answer is very very simple – LAZINESS. I'm too lazy to write a few commands and then touch my conf and so on. It is much easier to download the whole package, unzip and burn 😉

Enhanced by Zemanta

A few days ago I had a terrible problem with ModSecurity and phpMyAdmin installed. In general, the problem was that, the security module perceived phpMyadmin requests as sql injection attacks. The solution is again trivial, just for the phpmyadmin files I turn off rule checking. I wrote the rules in modsecurity.d / modsecurity_localrules.conf which is located in the folder of your apache server. Here are the rules themselves.

<LocationMatch “/phpmyadmin/tbl_change.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/sql.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/managecontent.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/import.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/tbl_select.php”>
SecRuleEngine Off
</LocationMatch>

<LocationMatch “/phpmyadmin/tbl_replace.php”>
SecRuleEngine Off
</LocationMatch>

Today my phpmyadmin screamed for no apparent reason with the following gross error

Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.

Generally the problem is the elementary variable session.save path in the php.ini file was worthless. The mystique was unleashed when I remembered that I upgraded my php version and then I probably inadvertently reduced the old settings, and today I restarted the server, that he had started filling the swap because of a zombie 🙂