Additional security for xampp test server

You may recall in a previous post I discussed securing your xampp test server so that xampp could be run as a windows service, and not be accessible to the outside world. When you’re running a test server this is a significant security breach, and would also allow others to see your test sites before they are complete.

I was satisfied that my webserver was now secure but I didn’t reckon on SSL. Thankfully I received a private message from another xampp user who told me I need to also ensure that port 443 is closed to outside traffic. SSL means ‘secure sockets layer’ and is the extra security applied by your browser to a webpage. You know your browser is using SSL when the address bar says https://some.secure.website, as compared to the more usual http://an.ordinary.website

Xampp ships with SSL because it can actually be used as a production webserver if needed, but to peple like me who only want to test my themes on serendipity blog I don’t need these extra facilities. Sometimes I wish a dedicated plain old test server could be packaged up by someone, but until then Xampp is the best.

Now, to secure our test server from outside interference on port 443 we need to bind apache to our local IP (127.0.0.1) on port 443. This time we’re going to open ‘c:\program files\xampp\apache\conf\extra\httpd-ssl.conf’ in wordpad, and once again you will find the listen directive close to the top of the page. Insert this line,

Listen 127.0.0.1:443

Your test server should now include the additional security needed, but you will need to restart xampp for the changes to be applied.

Comments are closed.