4. Secure localhost, Tutorial
Learn to secure your localhost using the Order directive: Allow / Deny
Steps:
- start Apache
- access Apache's configuration file
- change the directive's rule 'Allow from all'
- save & restart Apache & run a test
- grant other people access to your localhost
Video demonstration XAMPP: Secure localhost
min | video details |
---|---|
00:03 | access localhost (goes by default to xampp directory) |
00:06 | provide a user and a password (a separate video demo covers how to password protect your xampp directory) |
00:13 | go to 'Security' page and check the Status => everything is secured EXCEPT the localhost (=htdocs, your web directory) |
00:34 | let's remove the redirection toward 'xampp' directory by simply replacing/renaming the existing index.php file with our index.php file |
00:45 | go to xampp -> htdocs |
01:00 | each time we're accessing the index.php from localhost, we are redirected toward the 'xampp' directory |
01:06 | renaming index.php |
01:10 | drag and drop our index.php inside |
01:17 | removing /xampp/ from url |
01:19 | now we're displaying the content of the index.php from 'htdocs'; before we saw the content of the index.php from 'xampp' directory |
01:23 | open Apache's configuration file 'httpd.conf' |
01:36 | scroll into view <Directory "C:/xampp/htdocs"> |
01:42 | check the directive's rule "Allow from all": it allows everyone access to your localhost... |
01:49 | in the xampp directory's configuration file there's a directive we can copy/paste to Apache's configuration file; it will allow us to restrict everyone's access to localhost, except us |
02:05 | the 2 rules say: deny from all but allow from 127.0.0.0/8 = us, the localhost; in this case localhost is accessible by us only |
02:34 | restart Apache and let's test it |
02:47 | test ok; we (the 127.0.0.0/8) are still able to access it, others can't do it |
02:53 | re-open Apache's configuration file to change the directive |
03:02 | by commenting out the 'Allow..' line, only 'Deny from all' applies; our access is restricted too this time |
03:09 | restarting Apache and test |
03:23 | test ok: Access is forbidden! |
03:29 | we don't want to leave it like this, we would like to restrict access to everyone except us and maybe our client |
03:42 | to grant access to your client, you can add his ip after your server's address (ip) separated by a comma like this: Allow from 127.0.0.0/8,xxx.xx.xx.x (instead of xx.. use a real ip, the client's ip) |
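
The states tested in the video can be checked offline. The following is an added example, not part of the original tutorial: a small Python model of how Apache 2.2 combines Order, Deny and Allow for one client IP. The Order lines, the space-separated host list (the form Apache's documentation uses for several hosts) and the client address 203.0.113.7 are assumptions.

```python
import ipaddress

# Constructed directive sets for the states shown in the video. Assumptions:
# the Order lines, space-separated hosts, and the client address 203.0.113.7
# (a documentation placeholder) are not taken from the page.
STATES = {
    "default":     "Order allow,deny\nAllow from all",
    "local_only":  "Order deny,allow\nDeny from all\nAllow from 127.0.0.0/8",
    "locked_out":  "Order deny,allow\nDeny from all\n# Allow from 127.0.0.0/8",
    "with_client": "Order deny,allow\nDeny from all\nAllow from 127.0.0.0/8 203.0.113.7",
    # Same two rules pasted under the other Order value: nobody gets in.
    "wrong_order": "Order allow,deny\nDeny from all\nAllow from 127.0.0.0/8",
}

def parse(block):
    """Collect the Order value and the Allow/Deny host lists from a block."""
    rules = {"order": "deny,allow", "allow": [], "deny": []}  # Apache's default Order
    for line in block.splitlines():
        words = line.split("#", 1)[0].split()  # drop commented-out directives
        if len(words) >= 2 and words[0].lower() == "order":
            rules["order"] = "".join(words[1:]).lower()
        elif len(words) >= 3 and words[0].lower() in ("allow", "deny"):
            rules[words[0].lower()] += words[2:]  # hosts after "from"
    return rules

def matches(hosts, client):
    """True if client matches 'all' or an IP/CIDR entry (hostnames not handled)."""
    ip = ipaddress.ip_address(client)
    return any(h.lower() == "all" or ip in ipaddress.ip_network(h, strict=False)
               for h in hosts)

def allowed(block, client):
    """Apply the documented Order semantics to one client IP."""
    r = parse(block)
    allow, deny = matches(r["allow"], client), matches(r["deny"], client)
    if r["order"] == "allow,deny":
        return allow and not deny  # default deny; a matching Deny always wins
    return allow or not deny       # deny,allow: default allow; a matching Allow wins

if __name__ == "__main__":
    for name, block in STATES.items():
        row = {ip: allowed(block, ip) for ip in ("127.0.0.1", "203.0.113.7", "198.51.100.9")}
        print(f"{name:12} {row}")
```

The `wrong_order` case shows why the `Order` line has to be copied along with the two rules: under `Order allow,deny` a matching `Deny from all` rejects every client, 127.0.0.1 included.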