It looks like this is a little different twist on the usual question here (i.e. how to make XAMPP available to the network) - instead I'm interested in how to lock it down (as simply as possible) so that the various servers listen *only* on the loopback interface i.e. 127.0.0.1 or 'localhost'.
I've read through the security blurb in the readme*.txt file, and I've gone to the page @ http://localhost/security/xamppsecurity.php
and did the steps provided there (passwords for mysql users 'root' and 'pma' and secured directory access for 'xampp').
So... now what? I'm not at a spot (right this minute) where I can wantonly start poking/prodding to see if the apache/mysql servers respond on the external NIC interface. What I have in mind (way down the road) is having a pre-canned htdocs folder and mysql database that I can somehow provide to end-users (volunteer project) as part of a web-browser based app that they can host on their own machines. Some (many) may not have anything suitable installed on their computer (most likely older hardware, possibly laptops, most likely stand-alone un-networked) so I thought XAMPP (lite) might be able to provide a relatively simple way to setup a basic webserver/sql database for them to use. I'd like to be able to outline how to at least do a simple closing of windows and doors so to speak, so if they do end up using a networked machine the web & database servers aren't a blatant security risk on an external interface...
If someone could point me in the right direction I'd greatly appreciate it.