WampServer
Apache, PHP, MySQL
on Windows
Recommended Procedure for Securing the Config Page
Posted by:
muck312
(---.hfc.comcastbusiness.net)
Date: May 31, 2013 03:00PM
I am a newb at this stuff but I do have wampserver up and running fine, all is configured properly with one exception.
I can view the server configuration page directly through the IP address. Is there a recommended procedure to secure this page from public view, behind a password or simply blocked access?
I can view the server configuration page directly through the IP address. Is there a recommended procedure to secure this page from public view, behind a password or simply blocked access?
Re: Recommended Procedure for Securing the Config Page
Posted by:
RiggsFolly
(---.as13285.net)
Date: May 31, 2013 06:26PM
It comes secured out of the box.
As long as you dont 'Put Online' ( its not required for normal running ) Apache is configured to only respond to requests from 127.0.0.1 i.e. localhost.
So it will ignore a request from any other ip address.
As long as you dont 'Put Online' ( its not required for normal running ) Apache is configured to only respond to requests from 127.0.0.1 i.e. localhost.
So it will ignore a request from any other ip address.
Re: Recommended Procedure for Securing the Config Page
Posted by:
muck312
(---.static.nwtn.ct.charter.com)
Date: June 01, 2013 03:43AM
If I select "Put Offline" the server stops responding to clients over the internet.
I need to leave apache up but put the server configuration page behind a password or somehow blocked from access. Can the server configuration page be put behind a firewall while leaving the server accessible?
I need to leave apache up but put the server configuration page behind a password or somehow blocked from access. Can the server configuration page be put behind a firewall while leaving the server accessible?
Re: Recommended Procedure for Securing the Config Page
Posted by:
RiggsFolly
(---.as13285.net)
Date: June 01, 2013 07:52AM
Oh right so you want to server pages to the world but stop access to the wamp home page. Right I get it now.
The best way to do that is to leave WAMP set to Offline and create a Virtual Host for each site that you want to be visible to the world.
This way you can leave the c:\wamp\www security set to only 'allow from localhost' but the virtual hosts can be 'allow from all'
Heres a tutorial on how to setup virtual hosts:
[forum.wampserver.com]
The best way to do that is to leave WAMP set to Offline and create a Virtual Host for each site that you want to be visible to the world.
This way you can leave the c:\wamp\www security set to only 'allow from localhost' but the virtual hosts can be 'allow from all'
Heres a tutorial on how to setup virtual hosts:
[forum.wampserver.com]
Sorry, only registered users may post in this forum.
