Securing Your Xampp Test Server

One of the issues I grappled with was how to keep my test server running as a Windows service, yet also make sure that nobody else over the Net could access my test server. I figured this would be a security breach that might allow someone to hack into my computer.

For those of you who wonder whether this article applies to you, I am using Windows XP Home, and because this version of Windows doesn’t come with a webserver, I downloaded and installed the Windows version of Xampp. I am also using the standard firewall that comes with Windows.Configuring Xampp (Apache)
We need to tell Apache to restrict itself to only serving pages to ourselves, in other words if we are browsing the web and somebody else types in our IP address they should not be able to access our test sites. This is relatively easy to fix once you know what you’re looking for, but it took awhile for me to figure out. Googling for anything to do with a test server isn’t likely to help you very much. The experts don’t seem to realise that some of us just want a server to run test versions of blogs so they make everything more complex than it needs to be.

A little bit of background – when we’re online, our ISP gives us an IP address so that webservers know where to send the webpages we want to browse. If you have a home network and share files between computers then Windows will automatically configure an IP address for each computer. Similarly, when we use a test server and type in http://localhost, our browser actually translates this as the IP address, and this is the address we need to use to make sure that Xampp is configured for our use only.

What we need to do is tell Apache that it should bind itself to our local IP ( and only listen to a specific port (port 80) for any http requests. And you thought I was overreacting when I said the experts make this more complex than it needs to be! Basically all this means is we have to edit a single line in our httpd.conf file within the Apache folders. So without further ado, start Wordpad, and open the file ‘c:\program files\xampp\apache\conf\httpd.conf’.

Now use the find feature to look for the word ‘listen’. It should look like this;

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (

Notice how the last line says ‘Listen′, your line needs to say exactly the same thing. Now save, and restart Xampp.

Configuring Windows Firewall
The windows firewall seems likea pretty good piece of software, and when properly configured should protect you and your data from hackers. In fact, I found a site that tests your firewall Shield’s Up Firewall Tester.

For some of us, Xampp (Apache) will be configured through the windows firewall to allow outside users access to your webserver.

Uncheck the Apache box

In this screenshot of the windows firewall, which is found by going to Control Panel, then Security Center, then Windows Firewall, you’ll see that Apache (our weberver) is configured to be accessible to the rest of the world. Do yourself a favour and uncheck this box.

You’ll still be able to use your test server by browsing to localhost, but nobody else will be able to access your server.

Good luck.

Comments are closed.