Category Archives: XAMPP

Password protect a Location, LocationMatch or VirtualHost in Apache (XAMPP and Mac OS X)

Protecting a Location or VirtualHost in Apache is very similar to protecting a folder as I explained in “Password protect a folder in Apache (XAMPP and Mac OS X)“. The first part is just the same, creating a file with the user and password you want to use with the htpasswd command. Again, remember to place this file in a folder where no one can download it from the server.

/Applications/XAMPP/xamppfiles/bin/htpasswd -c /Applications/XAMPP/etc/.htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin

Then go to your configuration file where your <Location>, <LocationMatch> and/or <VirtualHost> tags are and add just the same configuration lines as we did for protecting a folder with .htaccess file. For example to protect the XAMPP special locations open /Applications/XAMPP/xamppfiles/etc/extra/httpd-xampp.conf file and add the lines in bold font:

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
    AuthName "Protected Area"
    AuthType Basic
    AuthUserFile /Applications/XAMPP/xamppfiles/etc/.htpasswd
    Require valid-user

    Order deny,allow
    Deny from all
    Allow from ::1 127.0.0.0/8 
               fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 
               fe80::/10 169.254.0.0/16

    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

To password protect a VirtualHost just edit the /Applications/XAMPP/xamppfiles/etc/extra/httpd-vhosts.conf file and add the same lines to your VirtualHost. For example:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName test.local
    ServerAlias test.local
    AuthName "Protected Area"
    AuthType Basic
    AuthUserFile /Applications/XAMPP/xamppfiles/etc/.htpasswd
    Require valid-user
    DocumentRoot "/Users/user/Documents/Webs/test.local"
    DirectoryIndex index.php index.html index.htm
    <Directory /Users/user/Documents/Webs/test.local>
        #IndexOptions +FancyIndexing NameWidth=*
        #Options Includes FollowSymLinks Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog "logs/test.local-error_log"
    CustomLog "logs/test.local-access_log" common
</VirtualHost>

Password protect a folder in Apache (XAMPP and Mac OS X)

First you have to create a file with the user and the password to be used with htpasswd:

/Applications/XAMPP/xamppfiles/bin/htpasswd -c /Applications/XAMPP/etc/.htpasswd admin
New password: 
Re-type new password: 
Adding password for user admin

It’s important to place this file in a place not available from the web service thus no one can download that file. Then add a .htaccess file to the folder you want to protect:

vi /Users/user/Documents/Webs/test.local/.htaccess

And add this content:

AuthName "Protected Area"
AuthType Basic
AuthUserFile /Applications/XAMPP/etc/.htpasswd
require valid-user

Reload the Apache server and then when you try to access to that folders URL you will get an auth prompt like this:

Source: Stabeler.

Configure virtual hosts for XAMPP in Mac OS X

Lets suppose we want to have 2 virtual hosts in our server wich will be accesible via http://web1.com and http://web2.com and their content will be stored respectively in:

/Users/user/Documents/Webs/web1.com

and

/Users/user/Documents/Webs/web2.com

Firts we have to configure web1.com y web2.com to be resolved to our computer. We could configure a DNS server for that task but it’s much simpler to edit the /etc/hosts file and add:

127.0.0.1 web1.com
127.0.0.1 web2.com

Check in a terminal that doing ping to those names they are resolved as 127.0.0.1:

$ ping web1.com
PING web1.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.068 ms

Download XAMPP and install it.

Edit /Applications/XAMPP/etc/httpd.conf and change User and Group parameters to your user name and staff group.

User user
Group staff

Uncomment the line that includes the virtual hosts configuration file:

# Virtual hosts
Include /Applications/XAMPP/etc/extra/httpd-vhosts.conf

Edit Applications/XAMPP/etc/extra/httpd-vhosts.conf and delete 2 example VirtualHost that come by default and add the following:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName localhost
    ServerAlias localhost
    DocumentRoot "/Applications/XAMPP/xamppfiles/htdocs"
    ErrorLog "logs/localhost-error_log"
    CustomLog "logs/localhost-access_log" common
</VirtualHost>
 
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName web1.com
    ServerAlias web1.com
    DocumentRoot "/Users/user/Documents/Webs/web1.com"
    DirectoryIndex index.html
    <Directory /Users/user/Documents/Webs/web1.com>
        #IndexOptions +FancyIndexing NameWidth=*
        #Options Includes FollowSymLinks Indexes
        #AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog "logs/web1.com-error_log"
    CustomLog "logs/web1.com-access_log" common
</VirtualHost>
 
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName web2.com
    ServerAlias web2.com
    DocumentRoot "/Users/user/Documents/Webs/web2.com"
    DirectoryIndex index.html
    <Directory /Users/user/Documents/Webs/web2.com>
        #IndexOptions +FancyIndexing NameWidth=*
        #Options Includes FollowSymLinks Indexes
        #AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog "logs/web2.com-error_log"
    CustomLog "logs/web2.com-access_log" common
</VirtualHost>

As you can see there is also a VirtualHost for the root of XAMPP thus we can access status info of the server and phpMyAdmin console opening http://localhost.

Put inside our 2 web folders a index.html file with some content, start XAMPP and check you can access both virtual hosts URLs and that you see index.html content. You can change DirectoryIndex value to a list of files and XAMPP will load the first one it finds. For example to try loading first index.php and then index.html:

DirectoryIndex index.php index.html

If you want to access the folder content of the directories just uncomment first 3 lines in <Directory>...</Directory> tag. Other way you would get a 403 error.