Apache Friends Support Forum

HI everyone. I have used XAMPP to have a public website with my own computer. So I have followed all XAMPP suggested security steps and do it all, but I know XAMPP is not designed to use in public. I know its original purpose is a self testing environment.

The xampp login page is open to public now, anyone can just try to access with my computer IP address, is there anyway to secure that? Even my username and password are very complicated, someone may be able to keep running program to test the possible combination, and that is not fun.

What other security things I should do since I am using it as a public service?

Thanks a lot. XAMPP is a great product, I cannot find any other which is better then I just use it even for public. Thanks!

Read the documentation about VirtualHosts, how to install different domains on your server (i.e. one localhost, one public), assign different DocumentRoots and install all security related software only to localhost.

There is plenty of documentation in the WWW about Apache, VirtualHosts etc.

Nobbie wrote:Read the documentation about VirtualHosts, how to install different domains on your server (i.e. one localhost, one public), assign different DocumentRoots and install all security related software only to localhost.

There is plenty of documentation in the WWW about Apache, VirtualHosts etc.

How about secure the login page of xampp? So other than localhost cannot reach the page? Any example?

I am so surprised that seem like no one care about this topic!

Hi -

I provided a solution (complete with example) for this particular issue in this topic:

viewtopic.php?f=16&t=41118&p=163011&hilit=.htaccess#p163011

Good Luck


NOTE:
A - this is an all volunteer project, but you can have my cell phone # for instant repsonses and dire emergencies at my customary rate -- just like my corporate clients.
B - YOU could have searched this forum and found the answer I had already posted.
C - Open Source Projects are free, but YOU are responsbile for the learning curve, that's how it works. I learned all the 'stuff' I know about Linux, X-Platform porting, XAMMP, Apache, PHP, Perl, MySQL, WordPpess, YaBB, FileZilla, Zimbra and hMail (and countless other tools mentioned in posts) by joining forums & mailing lists, searching, reading and testing possible solutions on my own dime.

YSLF

JonB wrote:Hi -

I provided a solution (complete with example) for this particular issue in this topic:

viewtopic.php?f=16&t=41118&p=163011&hilit=.htaccess#p163011

Good Luck


NOTE:
A - this is an all volunteer project, but you can have my cell phone # for instant repsonses and dire emergencies at my customary rate -- just like my corporate clients.
B - YOU could have searched this forum and found the answer I had already posted.
C - Open Source Projects are free, but YOU are responsbile for the learning curve, that's how it works. I learned all the 'stuff' I know about Linux, X-Platform porting, XAMMP, Apache, PHP, Perl, MySQL, WordPpess, YaBB, FileZilla, Zimbra and hMail (and countless other tools mentioned in posts) by joining forums & mailing lists, searching, reading and testing possible solutions on my own dime.

YSLF

Your solution isn't for my question. Yours is applying block rule in general, I am trying to just block the main xampp page access if someone point to my ip.

Your solution isn't for my question.

YES IT IS -

Actually - it tells you how to make a .htaccess files (and matching password file).

THEN - you put it in ANY DIRECTORY YOU WANT INCLUDING THE XAMMP FOLDER UNDER HTDOCS.

SO you put the .htaccess file in the c:\xampp\htdocs\xampp folder - then it will be protected.

Works like a charm, but YOU would have to use your brain. or read the Apache online documentation. (like Nobbie suggested earlier).

here's a suggestion on Amazon:

http://www.amazon.com/Reading-Comprehen ... 1576854949

One last point - the xammp folder under htdocs really isn't needed, its a convenience. So if you are really worried anyone would bother to hack you/it == REMOVE IT!

Good Luck

If you're done with xampp setup than delete xampp index.php file which are redirecting you to xampp configuration.

Also don't delete xampp folder... you will need it, but set password for xampp so nobody will have access to it by entering localhost/xampp or you can just rename it.

I did like this and everything works like a charm
(just in case...)