WampServer
Apache, PHP, MySQL
on Windows
Firewall and security issues
Posted by:
Brian
(---.dsl.mdsnwi.ameritech.net)
Date: January 21, 2006 07:26PM
Running Win XP with Norton Internet Security.
Are there any security issues or is there a way to configure the firewall to only allow a connection localy? I am a designer/developer and have this setup for that purpose on a box with a DSL connection. It is not on a network and there should be no reason for it to ever be connected to from any other computer.
I've had firewall warnings pop up before that a remote computer (from China) was trying to access Apache. Needless to say, that got me thinking a little more about the security issues.
Just wondering about the implications of allowing all connections to Apache and MySQL.
Thanks
Are there any security issues or is there a way to configure the firewall to only allow a connection localy? I am a designer/developer and have this setup for that purpose on a box with a DSL connection. It is not on a network and there should be no reason for it to ever be connected to from any other computer.
I've had firewall warnings pop up before that a remote computer (from China) was trying to access Apache. Needless to say, that got me thinking a little more about the security issues.
Just wondering about the implications of allowing all connections to Apache and MySQL.
Thanks
Re: Firewall and security issues
Posted by:
yfastud
(---.cable.mindspring.com)
Date: January 22, 2006 06:01AM
Consider to rewrite this to meet your own purpose. Notice that 127.0.0.1 is the your localhost's address
Set password:
1. Set password in privilleges in phpMyAdmin.
2. Set password in config.inc.php.
Set the permission to access PHPmyadmin and SQLitemanager (credited to Joshua).
1. open httpd.conf
2. find the lines
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
3. after the </directory> line above add the following:
<Directory "C:/Internet/wamp/www/phpmyadmin">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
<Directory "C:/Internet/wamp/www/sqlitemanager">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
4. change location of the directories as your might be different from "C:/Internet/wamp/www/phpmyadmin"
Also in Alias folder (/wamp/Apache2/conf/alias), replace these lines in phpmyadmin.conf and splitemanager.conf:
Order allow,deny
Allow from all
By these lines:
Order deny,allow
Deny from all
Allow from 127.0.0.1
Good luck,
Set password:
1. Set password in privilleges in phpMyAdmin.
2. Set password in config.inc.php.
Set the permission to access PHPmyadmin and SQLitemanager (credited to Joshua).
1. open httpd.conf
2. find the lines
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
3. after the </directory> line above add the following:
<Directory "C:/Internet/wamp/www/phpmyadmin">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
<Directory "C:/Internet/wamp/www/sqlitemanager">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
4. change location of the directories as your might be different from "C:/Internet/wamp/www/phpmyadmin"
Also in Alias folder (/wamp/Apache2/conf/alias), replace these lines in phpmyadmin.conf and splitemanager.conf:
Order allow,deny
Allow from all
By these lines:
Order deny,allow
Deny from all
Allow from 127.0.0.1
Good luck,
Re: Firewall and security issues
Posted by:
Brian
(---.dsl.mdsnwi.ameritech.net)
Date: January 22, 2006 08:26AM
Thanks for the info.
Got everything setup. All okay, except getting the following error trying to open phpMyAdmin:
#1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client
I am able to connect if I go into mysql and remove the password.
config file is set with 'config' auth_type and the password set. Also tried it with 'http' and no password.
The authorization box pops up with root set for user, but three failed attempts on the password and then the error comes up.
Am able to access mysql with the password from the command prompt. Also tried with and without the PmaAbsoluteUri set to the phpMyAdmin folder.
Other than the changes to the apache config file for the localhost, no other changes made.
Any ideas?? thanks
Got everything setup. All okay, except getting the following error trying to open phpMyAdmin:
#1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client
I am able to connect if I go into mysql and remove the password.
config file is set with 'config' auth_type and the password set. Also tried it with 'http' and no password.
The authorization box pops up with root set for user, but three failed attempts on the password and then the error comes up.
Am able to access mysql with the password from the command prompt. Also tried with and without the PmaAbsoluteUri set to the phpMyAdmin folder.
Other than the changes to the apache config file for the localhost, no other changes made.
Any ideas?? thanks
Sorry, only registered users may post in this forum.
