3

Recently I used WAMP server to set up a server environment in a Windows machine. Everything works great, but I have a little problem: everyone can access the wampserver homepage, therefore they can see other webpages hosted in the same server, the server file system, etc.

The URLs of the webpage have the following format: hostname/project1, hostname/project2... The main problem is that, anyone can see all the projects that are hosted by going to the direction of the hostname because this will lead to the wampserver homepage, and I would prefer that this homepage could be accessed only in the localhost of the windows host. Is there any way to do that? I'm guessing that I will need to modify some parameters in configuration files, but I have no idea wich ones...

Muhammad Faizan Khan
  • 10,013
  • 18
  • 97
  • 186
Marcel Otón Pàmies
  • 53
  • 1
  • 1
  • 4

4 Answers4

5

If you intend to block access to all sites hosted on this computer from outside access, you can do this in your main apache configuration file at <installation drive>/wamp/bin/apache/Apache<version number>/conf/httpd.conf. .htaccess is more for per-site configurations, though it will certainly work if you put it in the main www directory.

To disallow outside access to the www folder (open by default) find the part of the apache configuration file (path shown above) that looks like:

<Directory "<installation drive>/wamp/www">
    # There will be comments here and some options like FollowSymLinks and AllowOverride
    Order Allow,Deny
    Allow from all
</Directory>

And change it to:

<Directory "<installation drive>/wamp/www">
    # There will be comments here and some options like FollowSymLinks and AllowOverride
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

If your goal is not to block outside access to all of your sites, it would help to know more about your set up. And if your goal is only to block the 'localhost' page and still allow access to, say, 'localhost/site1' then this question may be a duplicate of this.

Edit: As you point out, there is not a good resolution for the question I linked. Assuming you have your public sites set up as virtual hosts in a sub folder of the webroot like:

|-wamp_root
  |-www
    |-vhosts
      |-public_site_1
      |-public_site_2

Then you can go back into your httpd.conf and add this below your /wamp/www/ rule:

<Directory "<installation drive>/wamp/www/vhosts/">
    # There will be comments here and some options like FollowSymLinks and AllowOverride
    Order Allow,Deny
    Allow from all
</Directory>

This will allow anything in the www folder to be accessed only locally, and anything in the vhosts sub folder to be accessible outside. Again, remember to restart Apache whenever you change this file.

Community
  • 1
  • 1
Sarah Kemp
  • 2,670
  • 3
  • 21
  • 29
  • Thanks Sarah, my question is indeed a duplicate from the question you suggested, but since that one didn't have any solution, I haven't fixed my problem yet...I've managed to block access to all my projects by changing the allow/deny policy of the httpd.conf, but that's not what I wanna do. I only want to block access from the root of my server to all accesses except localhost, but the www can be accessed from anywhere. This is what my httpd.conf looks like: – Marcel Otón Pàmies Feb 07 '13 at 08:39
  • ` Options Indexes FollowSymLinks Order Allow,Deny Allow from all Options Indexes FollowSymLinks AllowOverride all Order Allow,Deny Allow from 127.0.0.1 localhost Deny from all ` – Marcel Otón Pàmies Feb 07 '13 at 08:46
  • 1
    I have expanded my answer to cover the situation you described. – Sarah Kemp Feb 07 '13 at 16:50
  • Hi i used this `Order Deny,Allow Deny from all Allow from 127.0.0.1` but outsider is still able to watch my homepage. – Muhammad Faizan Khan Jan 09 '19 at 09:30
  • `Require local` appears in my httpd.conf immediately after installing wamp, so [blocking outside access](https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html#reqlocal) appears to be the default now. – Bob Stein Apr 10 '19 at 23:11
1

It should be possible to block other users using the windows firewall. You could also use a .htaccess file like this one:

Order deny,allow
Deny from all
Allow from 127.0.0.1

You will have to make sure that AllowOverride is set to All in the apache configuration and that the .htaccess wil be applied to all subdirectories too, otherwise your projects will still be available.

Patrick Kostjens
  • 5,065
  • 6
  • 29
  • 46
0

It appears (after a bit of head-scratching myself), the answer to this question was simple.

In the Windows Taskbar, left click the WAMP icon, then click 'Put Offline'.

It doesn't appear to take the entire webserver "offline", just the root homepage? and anything you've configured in your httpd.conf file to be accessible externally still stands, they are still reachable.

NOTE: The default VHOST's are still reachable though, PHPINFO and PHPMYADMIN for example!

Jayme Sellars
  • 3
  • 1
-1

It is not difficult.

  1. edit the index file by notepad++
  2. find the line &projectContents
  3. change from &projectContents to &project---Contents

then the project title disappears.

lmo
  • 37,904
  • 9
  • 56
  • 69
sam
  • 1