Xampp is a very nice package, although I have some problems making it secure.
Here's what I want:
• Make ALL pages Apache serves only accessible by localhost
That is, turn off all "outside" network traffic.
So I've edited httpd.conf like so:
- Code: Select all
<Directory "/Applications/XAMPP/xamppfiles/htdocs">
Options Indexes FollowSymLinks ExecCGI Includes
AllowOverride All
Order allow,deny
Allow from 127.0.0.1, localhost
</Directory>
This seems to work! Yey! When I access my computers IP from another box I get a access denied screen. Good. Then I did this in httpd.conf :
- Code: Select all
<Directory "/Applications/XAMPP/xamppfiles/phpmyadmin">
AllowOverride None
Options None
Order allow,deny
Allow from 127.0.0.1, localhost
</Directory>
This doesn't work though! :( I can still access http:x.x.x.x/phpmyadmin from another box! Can anyone help with this?
Then also, I commented out the user-folder-config file, as that was accessible from another box too. Anything else i need to turn off to make my dev server completely inaccessible from the network?
(Quite frankly, being able to have password-protected pages is nice and all, but really, if you're using XAMPP as a local dev server you're never going to access the computer from outside, so why even risk a password-attack by opening up authenticated access, right? It would be really awesome if XAMPP could come with a "xampp-private.conf" or something, for those of us who just use it as a local server. (Also, it's kind of a drag to have to type in passwords all the time when working locally. If a person gets access to my computer they can find passwords in php-files etc anyway. Right?)