新的安全概念 Xampp 403 禁止访问

Posted

技术标签:

【中文标题】新的安全概念 Xampp 403 禁止访问【英文标题】:New Security concept Xampp 403 Access forbidden 【发布时间】:2019-05-06 10:04:32 【问题描述】:

我被困在这条消息上,无法通过http://localhost/phpmyadmin 访问 phpmyadmin

我已经阅读了很多主题和论坛来解决这个问题,但没有成功。 我尝试修改 Require Local 以要求所有在我的 httpd-xampp.conf 中授予的权限,但没有成功:

这是我的 httpd-xampp.conf:

#<IfDefine PHP4>
#LoadModule php4_module        modules/libphp4.so
#</IfDefine>
#<IfDefine PHP5>
#LoadModule php5_module        modules/libphp5.so
#</IfDefine>
# We will enable it by default
#<IfDefine PHP>
   LoadModule php5_module        modules/libphp5.so
#</IfDefine>
LoadModule perl_module        modules/mod_perl.so
Alias /phpmyadmin "/Applications/XAMPP/xamppfiles/phpmyadmin"
Alias /phpsqliteadmin "/Applications/XAMPP/xamppfiles/phpsqliteadmin"
# since XAMPP 1.4.3
<Directory "/Applications/XAMPP/xamppfiles/phpmyadmin">
    AllowOverride AuthConfig Limit
    Require all granted
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
<Directory "/Applications/XAMPP/xamppfiles/phpsqliteadmin">
    AllowOverride AuthConfig Limit
    Require all granted
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
# since LAMPP 1.0RC1
AddType application/x-httpd-php .php .php3 .php4
XBitHack on
# since 0.9.8 we've mod_perl
<IfModule mod_perl.c>
        AddHandler perl-script .pl
    PerlHandler ModPerl::PerlRunPrefork
    PerlOptions +ParseHeaders
        PerlSendHeader On
</IfModule>
# demo for mod_perl responsehandler
#PerlModule Apache::CurrentTime
#<Location /time>
#      SetHandler modperl
#      PerlResponseHandler Apache::CurrentTime
#</Location>
# AcceptMutex sysvsem is default but on some systems we need this
# thanks to jeff ort for this hint
#AcceptMutex flock
#LockFile /Applications/XAMPP/xamppfiles/logs/accept.lock
# this makes mod_dbd happy - oswald, 02aug06
# mod_dbd doesn't work in Apache 2.2.3: getting always heaps of "glibc detected *** corrupted double-linked list" on shutdown - oswald, 10sep06
#DBDriver sqlite3
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
     Require all granted
     ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

我的 http-vhost.conf:

# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/Applications/XAMPP/xamppfiles/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/Applications/XAMPP/xamppfiles/docs/dummy-host2.example.com"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>

有人可以帮帮我吗? :-)

【问题讨论】:

【参考方案1】:

我想是因为您不允许在 "/opt/lampp/phpmyadmin" 目录中覆盖。

因此,如果您愿意,可以使用此配置进行测试,但在删除当前配置之前,请先为它创建一个 bak:

cp httpd-xampp.conf httpd-xampp.conf.bak

使用此配置进行测试:

#<IfDefine PHP4>
#LoadModule php4_module        modules/libphp4.so
#</IfDefine>
#<IfDefine PHP7>
#LoadModule php7_module        modules/libphp7.so
#</IfDefine>

# We will enable it by default
#<IfDefine PHP>
   LoadModule php7_module        modules/libphp7.so
#</IfDefine>

LoadModule perl_module        modules/mod_perl.so

Alias /phpmyadmin "/opt/lampp/phpmyadmin"

# since XAMPP 1.4.3
<Directory "/opt/lampp/phpmyadmin">
    AllowOverride AuthConfig Limit
    Require all granted
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>

# since LAMPP 1.0RC1
AddType application/x-httpd-php .php .php3 .php4

XBitHack on

# since 0.9.8 we've mod_perl
<IfModule mod_perl.c>
        AddHandler perl-script .pl
        PerlHandler ModPerl::PerlRunPrefork
        PerlOptions +ParseHeaders
        PerlSendHeader On
</IfModule>

# demo for mod_perl responsehandler
#PerlModule Apache::CurrentTime
#<Location /time>
#      SetHandler modperl
#      PerlResponseHandler Apache::CurrentTime
#</Location>

# AcceptMutex sysvsem is default but on some systems we need this
# thanks to jeff ort for this hint
#AcceptMutex flock
#LockFile /opt/lampp/logs/accept.lock

# this makes mod_dbd happy - oswald, 02aug06
# mod_dbd doesn't work in Apache 2.2.3: getting always heaps of "glibc detected *** corrupted double-linked list" on shutdown - oswald, 10sep06
#DBDriver sqlite3

您也可以通过更改Require all granted 来制作精确的地址@IP 和 Require ip &lt;YOUR @IP&gt;

【讨论】:

以上是关于新的安全概念 Xampp 403 禁止访问的主要内容,如果未能解决你的问题,请参考以下文章

新的 xampp 安全概念:Access Forbidden Error 403 - Windows 7 - phpMyAdmin 与最新版本的 xampp 7.2.12

添加 VirtualHost 失败:访问禁止错误 403 (XAMPP) (Windows 7)

添加 VirtualHost 失败:访问禁止错误 403 (XAMPP) (Windows 7)

添加 VirtualHost 失败:访问禁止错误 403 (XAMPP) (Windows 7)

添加 VirtualHost 失败:访问禁止错误 403 (XAMPP) (Windows 7)

错误 403 和 XAMPP 错误 20024