Apache Windows via Xampp

  • 8/10/2019 Apache Windows via Xampp

    1/22

    - APACHE WINDOWS VIA XAMPP -

    I am in no way versed in Apache. Out of sheer necessity I had to install

    it to set certain things up. So this tutorial is mainly focused on

    settings, tips, security, etc that I did. The installing part is easy.

    Windows: I'm using the portable version of 'XAMPP' (xampp-win32-1.7.1.exe)

    and love it. It's bundled with lots of goodies all ready to use out of the

    box. My XAMPP is: Apache HTTPD 2.2.11 + Openssl 0.9.8i, MySQL 5.1.33, PHP

    5.2.9, phpMyAdmin 3.1.3.1, XAMPP CLI Bundle 1.3, FileZilla FTP Server

    0.9.31, Mercury Mail Transport System 4.62.

    You don't even need to make/install an SSL certificate or enable it; it's

    done, your site is ready to go https.

    INSTALLING XAMPP WINDOWS

    XAMPP NOTES

    NAVIGATING

    SETTING HOMEPAGE

    SETTING HOMEPAGE TO ANOTHER DIRECTORY

    TO BAN IPs FROM ACCESSING YOUR SITE

    LINKING OTHER AREAS ON BOX TO YOUR WEBSITE

    FORCE REDIRECT HTTP TO SSL HTTPS

    TO CHANGE SIZE OF FILES ALLOWED TO UPLOAD

    SECURITY TIPS

    TROUBLE SHOOTING

    INSTALLING XAMPP WINDOWS:

    `````````````````````````

    Their site is HERE, check for the latest versions. They have a very active

    forum HERE with very nice, helpful peeps, promise :).

    1. Exclude 'xampp-win32-xxx.exe' and its 'installed location' from virus

    scanners and disk cleaning utilities.

    2. Double click file to extract it. Extract to root of a drive; it must be

    run from the root of a drive. If you do move this from one drive to

    another the Drive letter must be the same, or you'll need to do some

    editing to the configuration files.

    3. In your router, forward ports 80 (http) and 443 (https).

    4. To test this locally, and/or with your own domain (see my DYNDNS

    tutorial to get a free domain for your box) I had to edit my 'hosts' file

    which is here:

    C:\WINDOWS\system32\drivers\etc\hosts (the name of this file is hosts, no

    extension)

    Right click on file, select Properties, under Attributes remove Read-only

    if checked/OK.

    Open file with WordPad, Mine had this:

    127.0.0.1 localhost

    I changed it to:

    127.0.0.1 localhost

    192.168.1.2 my.freedomain.com

    (192.168.1.2 is my internal IP on my network)

    Close that file selecting the red X, select OK; not file / save. Right

    click on file, select Properties, under Attributes select 'Read-only' /OK

    / even if it wasn't set earlier (security reasons).

    To quickly view your own internal IP on the network double click on the

    network icon in your system tray (far right, looks like 2 computer

    monitors flashing), Support tab, will state 'IP Address: 192.168.2' or

    whatever yours is.

    Windows 8 users: If you are using the built-in 'Windows Defender'

    antivirus then you must:

    1. Exclude the 'hosts' file from being monitored by Windows Defender or it

    will remove any changes you make to this file:

    Windows key > type in Windows Defender > Enter > Settings tab > Exclude

    Files and locations > Browse button > navigate to file > OK > Add > Save

    Changes

    2. Launch your text editor as Admin to make changes to the hosts file.

    Example: Windows key > type in Wordpad > right click Wordpad icon > Run

    as administrator > file type box select 'All Files (*.*)'

    XAMPP NOTES:

    ````````````

    1. Apache configuration file is here: D:\xampp\apache\conf\httpd.conf

    2. Whenever you edit a server configuration file you must restart the

    server to have the edits recognized: stop then start Apache, not refresh

    the Control Panel.

    3. Error log is here: D:\xampp\apache\logs\error.log

    4. If you get this error: "Warning: include(lang/jp=.php)

    [function.include]: failed to open stream: No such file or directory in

    D:\xampp\htdocs\xampp\index.php on line 12"

    Fix it like this:

    Open 'lang.tmp' here: \xampp\htdocs\xampp\lang.tmp in your text editor and

    type en on the first line (if your language is English) then

    save.

    If you don't have this file create a blank file and name it lang.tmp as

    XAMPP will ask you for your language again.

    5. For convenience I have:

    a. mysql_start.bat & xampp-control.exe start at computer startup.

    b. Have made a shortcut on my tool bar for D:\xampp\mysql_stop.bat &

    D:\xampp\xampp-control.exe. You need to use mysql_stop.bat to properly

    shut down mysql, for example every reboot. You'll need xampp-control.exe

    often when making changes to config files.

    NAVIGATING:

    ```````````

    The root of website is 'htdocs'. Below are example treepaths:

    FILE IS HERE                       URL IS

    D:\xampp\htdocs\                   http://localhost/

    D:\xampp\htdocs\mewbies\           http://localhost/mewbies/

    D:\xampp\htdocs\xampp\mewbies\     http://localhost/xampp/mewbies/

    D:\xampp\htdocs\xampp\index.php    http://localhost/xampp/index.php

    etc.

    SETTING HOMEPAGE:

    `````````````````

    If you want your homepage to be: http://yoursite.com

    1. Copy over to somewhere safe first, and then remove everything in

    'htdocs' except the 'xampp' directory.

    2. Place your index.html in there; D:\xampp\htdocs\index.html

    3. To access your Admin page you will now need to use the default URL:

    http://localhost/xampp/index.php. The 'button' on the xampp-control.exe

    for the Admin page will no longer be able to access that. Instead the

    Admin button will now open your homepage.

    If you leave the index.php file in the htdocs dir the control panel

    application button will still open the Admin page, but the direct URL will

    not open your site, it will open the Admin page. I'm sure you can set that

    in apache correctly if you want to leave index.php there so your control

    panel button still works on it. I didn't bother, see below for a method.

    SETTING HOMEPAGE TO ANOTHER DIRECTORY:

    ``````````````````````````````````````

    For some reason you might want to have http://yoursite.com open a

    different directory than the default: D:\xampp\htdocs\

    For example you want it to be D:\xampp\htdocs\mewbies\index.htm

    Edit httpd.conf (D:\xampp\apache\conf\httpd.conf)

    It has this:

    DocumentRoot "D:/xampp/htdocs"

    Change it to:

    DocumentRoot "D:/xampp/htdocs/mewbies"

    Below that it is:

    <Directory "D:/xampp/htdocs">

    Changed it to:

    <Directory "D:/xampp/htdocs/mewbies">

    Stop and start apache (via control panel button- xampp-control.exe).

    Go to: http://localhost (It will open up my

    http://localhost/mewbies/index.html, URL will still be http://localhost)

    *But your default bookmark for the Admin page will not work any longer, as

    it will try to open D:/xampp/htdocs/mewbies/xampp now that mewbies has been

    set as home. You'll have to either find the new path for it and make a new

    bookmark, or edit xampp/htdocs/index.php to point to the correct path.

    Line no. 8 has:

    header('Location: '.$uri.'/xampp/');

    Change it to the correct path, for example:

    header('Location: '.$uri.'/mewbies/');

    TO BAN IPs FROM ACCESSING YOUR SITE:

    ````````````````````````````````````

    Edit 'httpd.conf'

    This section for example has this:

    <Directory "D:/xampp/htdocs">

    Options -Indexes FollowSymLinks Includes ExecCGI

    AllowOverride All

    Order allow,deny

    Allow from all

    </Directory>

    Change to:

    <Directory "D:/xampp/htdocs">

    Options -Indexes FollowSymLinks Includes ExecCGI

    AllowOverride All

    Order allow,deny

    Allow from all

    deny from 207.226.175.210

    deny from 207.226.176

    </Directory>

    That will now deny anyone with that 1st IP and anyone in the 2nd IP's

    range (a partial address such as 207.226.176 matches every address that

    starts with it). They will receive a 403 error. To send them off to

    another location use a 'Rewrite'.
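
    An added example, not part of the original tutorial: a Python model of how
    Apache 2.2 evaluates Order / Allow / Deny, run against the rules above
    (IPv4 only; the range is written in the partial-address form 207.226.176
    that Apache documents; function names are made up here). It also shows why
    the Order line matters: with 'deny,allow' the same rules let the banned IP
    back in.

```python
# Added example: model of Apache 2.2 mod_authz_host evaluation (IPv4 only).
# Function names are hypothetical; the rules are the ones from the tutorial.
import ipaddress

PAGE_RULES = """\
Order allow,deny
Allow from all
deny from 207.226.175.210
deny from 207.226.176
"""
# Same rules with the evaluation order swapped, for comparison.
SWAPPED_RULES = PAGE_RULES.replace("Order allow,deny", "Order deny,allow")


def matches(spec, ip):
    """True if one 'from' value (all, full IP, partial IP or CIDR) covers ip."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    return ip.split(".")[:len(octets)] == octets


def parse_rules(conf):
    """Collect the Order value and the Allow/Deny 'from' lists."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order
    for line in conf.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny


def is_allowed(conf, ip):
    """Apply the Order semantics to a client IP."""
    order, allow, deny = parse_rules(conf)
    allowed = any(matches(spec, ip) for spec in allow)
    denied = any(matches(spec, ip) for spec in deny)
    if order == "allow,deny":
        # Must match an Allow and no Deny; Deny wins, default is deny.
        return allowed and not denied
    # deny,allow: a matching Allow overrides a Deny, default is allow.
    return allowed or not denied


if __name__ == "__main__":
    for ip in ("207.226.175.210", "207.226.176.77", "207.226.175.211"):
        print(ip, is_allowed(PAGE_RULES, ip), is_allowed(SWAPPED_RULES, ip))
```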

    LINKING OTHER AREAS ON BOX TO YOUR WEBSITE:

    ```````````````````````````````````````````

    Symbolic Links and/or Alias Directive. You can read about this on your

    Admin Page under the link Documentation/Apache 2 documentation /Mapping

    URLs to the Filesystem/ -this opens an outside URL HERE. Basically it's

    like creating a shortcut that the users won't be aware of. An example they

    give:

    "For example, with:

    Alias /docs /var/web

    The URL http://www.example.com/docs/dir/file.html will be served from

    /var/web/dir/file.html. The ScriptAlias directive works the same way,

    with the additional effect that all the content located at the target

    path is treated as CGI scripts."

    Other examples are HERE.

    This is what I did. I have on my D drive (same drive I have xampp on)

    another directory that I want my users to have access to and I don't want

    to copy the contents over to my D:\xampp folders.

    For an example the directory I want my users to access is 'wallpaper'

    which is located here: D:\MyStuff\graphics\large\wallpaper

    I want the URL to be http://mysite.com/gfx

    Edited httpd.conf

    Add this:

    Alias /gfx /MyStuff/graphics/large/wallpaper

    <Directory "/MyStuff/graphics/large/wallpaper">

    Order allow,deny

    Allow from all

    </Directory>

    If it's on another Drive, just add the drive in the path, like this:

    Alias /gfx F:/MyStuff/graphics/large/wallpaper

    <Directory "F:/MyStuff/graphics/large/wallpaper">

    Options Indexes

    Order allow,deny

    Allow from all

    </Directory>

    *Note alias '/gfx' is what the user will enter in the URL to access that

    path. It can be anything you like.

    FORCE REDIRECT HTTP TO SSL HTTPS:

    `````````````````````````````````

    For my other site I have the entire web-site redirected to https. If you

    don't want the entire site but only a certain area; see comment below

    settings.

    Edit httpd.conf (D:\xampp\apache\conf\httpd.conf)

    Has this:

    ServerAdmin admin@localhost

    ServerName mydomain.com:80

    DocumentRoot "D:/xampp/htdocs"

    Change to:

    ServerAdmin admin@localhost

    ServerName mydomain.com:80

    RewriteEngine on

    RewriteRule ^/(.*) https://your.site.com/$1

    DocumentRoot "D:/xampp/htdocs"

    Or to only have https on a certain area of your site for example directory

    named 'mewbies' enter settings like this for the above:

    RewriteRule ^/(mewbies.*) https://your.site.com/$1

    save, exit, restart apache, test that by going to

    http://your.site.com/mewbies , you'll be redirected to

    https://your.site.com/mewbies

    *Note: Something I have noticed with this setting if you have an

    authentication mode for that area:

    When I go to my site http://your.site.com/mewbies

    I'll first be prompted for login- name and pass, submit those, and then

    only are users redirected to https. In other words it seems as though the

    name/pass is being sent via http, then only are users redirected to https

    mode... Definitely this is something to work out and find correct method.

    TO CHANGE SIZE OF FILES ALLOWED TO UPLOAD:

    ``````````````````````````````````````````

    To allow large file uploads you must change the settings on your PHP &

    Apache conf files, we'll use 600MB file size as the example, change it to

    your own needs:

    Edit this file: D:\xampp\php\php.ini

    Search for: upload_max_filesize

    Change to:

    upload_max_filesize = 600M

    Search for: post_max_size

    Has this:

    post_max_size = 8M

    Change to (it must be larger than upload_max_filesize):

    post_max_size = 700M

    Search for: memory_limit

    Has this: memory_limit = 128M

    Change to, if you don't want any limit:

    memory_limit = -1

    Or change to (it must be larger than post_max_size):

    memory_limit = 800M

    Search for: max_execution_time

    Has this: max_execution_time = 30

    Change to for example:

    max_execution_time = 9600

    Search for (just below max_execution_time): max_input_time

    Has this: max_input_time = 60

    Change to: max_input_time = 3600

    Done, save the changes.

    Edit this file: D:\xampp\apache\conf\extra\httpd-default.conf

    Search for: LimitRequestBody

    If your conf does not have this line, add it.

    Has this: LimitRequestBody 102400

    Change to:

    LimitRequestBody 600000000

    The value can be from 0 (meaning unlimited) up to 2147483647 bytes (2GB).

    Restart your web server.
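
    An added example (not from the original tutorial) that cross-checks the
    values set above: it converts the php.ini shorthand to bytes and compares
    it with LimitRequestBody. With the tutorial's numbers, 600M in php.ini is
    629145600 bytes, so LimitRequestBody 600000000 is the limit that actually
    applies. Function names are made up; the settings text is constructed from
    the values on this page.

```python
# Added example: cross-check PHP and Apache upload limits (names are hypothetical).
import re

# Constructed from the values used in this tutorial.
PHP_INI = """\
upload_max_filesize = 600M
post_max_size = 700M
memory_limit = 800M
"""
HTTPD_CONF = "LimitRequestBody 600000000\n"

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}  # PHP shorthand


def php_bytes(value):
    """Convert a php.ini size such as '600M' or '-1' to bytes."""
    m = re.fullmatch(r"(-?\d+)\s*([KMG]?)", value.strip().upper())
    if not m:
        raise ValueError("not a php.ini size: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2)]


def read_ini(text):
    """Return key/value pairs from php.ini text, ignoring ';' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0]
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def limit_request_body(text):
    """Return LimitRequestBody in bytes; Apache's default is 0 (unlimited)."""
    m = re.search(r"^\s*LimitRequestBody\s+(\d+)", text, re.M | re.I)
    return int(m.group(1)) if m else 0


def check_upload_limits(php_ini, httpd_conf):
    """Return (largest request body that gets through, list of findings)."""
    ini = read_ini(php_ini)
    upload = php_bytes(ini["upload_max_filesize"])
    post = php_bytes(ini["post_max_size"])
    memory = php_bytes(ini["memory_limit"])
    body = limit_request_body(httpd_conf)
    findings = []
    if post <= upload:
        findings.append("post_max_size is not larger than upload_max_filesize")
    if memory < 0:
        findings.append("memory_limit = -1: no memory cap on any script")
    elif memory <= post:
        findings.append("memory_limit is not larger than post_max_size")
    if body == 0:
        findings.append("LimitRequestBody 0: Apache accepts bodies of any size")
    elif body < upload:
        findings.append("LimitRequestBody %d is below upload_max_filesize "
                        "(%d bytes): Apache rejects uploads PHP would accept"
                        % (body, upload))
    effective = min(post, body) if body else post
    return effective, findings
```

    For PHP's limits to be the ones that apply, LimitRequestBody needs to be at
    least post_max_size in bytes (734003200 here).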

    SECURITY TIPS:

    ``````````````

    For 'Ten Tips Securing Apache' read HERE. This is what I did for what

    applied to my installation and some others:

    1. (3) DON'T GIVE AWAY PROGRAM INFORMATION:

    Why give away information that could potentially help a newbie hacker.

    Make them work a little more for it :p. If I were to go to a non existing

    URL on my site (not this site) I would see something like this:

    Not Found

    The requested URL /testing was not found on this server.

    Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9 Server

    at 123.456.789 Port 80

    That's just too much info.

    Edit: D:\xampp\apache\conf\extra\httpd-default.conf

    Has this:

    ServerTokens Full

    ServerSignature On

    Change to:

    ServerTokens Prod

    ServerSignature Off

    restart apache, test it now :) sweet

    Not Found

    The requested URL /testing was not found on this server.

    Apache

    You of course could make a custom error page to redirect users to as well.

    2. (4) INSTALL A FIREWALL mod_security

    See my tutorial for mod_security

    3. (7) BE SPECIFIC ON WHAT IP:PORT APACHE LISTENS ON:

    The default 'Listen 80' directive tells Apache to listen to every IP

    address on port 80.

    Edit this file: D:\xampp\apache\conf\extra\httpd.conf :

    Mine has:

    Listen 80

    Change to:

    Listen my.domain.com:80

    Also can change this:

    ServerName localhost:80

    To:

    ServerName yourdomain.com:80

    exit, save, restart apache

    *Note doing this I have noticed that on the Admin Page I'm now not able to

    open: security page, cd collection, phonebook, or mercury mail. I get this

    error: FORBIDDEN FOR CLIENT 192.168.1.2 or Access forbidden! Error 403.

    5. (8) KEEP USERS OUT OF ROOT / :

    I didn't do this step as naughty me has a number of Alias and symbolic

    links to other locations in my box.

    If you don't need users all over your box just edit this file:

    D:\xampp\apache\conf\extra\httpd.conf

    Has this:

    <Directory />

    Options FollowSymLinks

    AllowOverride None

    Order deny,allow

    Deny from all

    </Directory>

    Change to:

    <Directory />

    Options None

    AllowOverride None

    Order deny,allow

    Deny from all

    </Directory>

    6. (9) CLEAN UP HTTPD.CONF FILE

    Any line in the file that is preceded with '#' is called 'commented'.

    These lines are generally notes, directions, possible settings, etc. To

    speed up apache a tiny tad and be sure all the lines that are there should

    be there; remove every commented line. Your conf file will be so much

    easier to read and locate settings after.

    Always make a backup copy first (like

    httpd-before.removing.comments.conf), just in case you remove a needed

    line.

    exit, save, restart apache, make sure all is in order and check your

    error.log.

    7. (10) PREVENT DOS/DENIAL OF SERVICE ATTACKS:

    See a chart HERE for setting recommendations.

    Edit this file: D:\xampp\apache\conf\extra\httpd-default.conf

    Has: Timeout 300

    Change to: Timeout 30

    Has: KeepAliveTimeout 5

    Change to: KeepAliveTimeout 2

    Edit this file D:\xampp\apache\conf\extra\httpd.conf

    'LimitRequestBody 102400' would be to limit the size per file uploaded to

    102400 bytes.

    Settings can be from 0 (meaning unlimited) to 2147483647 (2GB).

    I want to allow 600MB so 'add' these lines:

    LimitRequestBody 600000000

    LimitRequestFields 50

    LimitRequestFieldSize 8190

    LimitRequestLine 8190

    Edit this file D:\xampp\apache\conf\extra\httpd-mpm.conf

    Has this:

    MaxClients 150

    MaxClients 50

    Since my other site is private, very few ppl I changed it to:

    MaxClients 50

    MaxClients 5

    PHP - you'll need to change the settings for upload max size as well to

    match your above settings:

    When editing .ini files I open them with WordPad, edit, then save not by

    file/save (which will corrupt the file) but close it via the red X and

    select Yes.

    Edit this file: D:\xampp\php\php.ini

    Has this:

    ; Maximum allowed size for uploaded files.

    upload_max_filesize = 64M

    post_max_size = 64M

    Change to match above settings:

    ; Maximum allowed size for uploaded files.

    upload_max_filesize = 600M

    post_max_size = 700M

    red X, yes, restart apache, test site that all is good.

    8. DISABLE USERS FROM BROWSING DIRECTORIES THAT DO NOT HOLD WEBPAGES:

    Edited httpd.conf

    Under Options has this:

    Options Indexes FollowSymLinks Includes ExecCGI

    Change to:

    Options -Indexes FollowSymLinks Includes ExecCGI

    But I do have some directories that I want to allow users to browse. For

    example if I want users to be able to browse a directory named 'files':

    Add this below the first one:

    Options Indexes FollowSymLinks Includes ExecCGI

    AllowOverride All

    Order allow,deny

    Allow from all

    Test this by making a directory in your website, copy over a file into

    that new directory, then go to that URL. You will now be denied.

    9. DISABLE PHP EASTER EGGS:

    These Easter eggs can reveal information about your PHP such as version

    and which modules are installed. If you would like to view these click

    HERE. To disable them:

    Edit this file: xampp\php\php.ini

    Search for 'expose_php' and change:

    expose_php = On

    To:

    expose_php = Off

    Restart your web server.
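
    An added example (not from the original tutorial): a Python check of what
    the server says over plain http, covering the login-before-redirect
    behaviour noted in the FORCE REDIRECT section and the ServerTokens /
    expose_php tips above. The two responses are constructed samples; function
    names are made up.

```python
# Added example: audit a plain-http response (function names are hypothetical).
import re

# Constructed sample: protected area answers on http with a login prompt.
BEFORE = (
    "HTTP/1.1 401 Authorization Required\r\n"
    "Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9\r\n"
    'WWW-Authenticate: Basic realm="mewbies"\r\n'
    "\r\n"
)
# Constructed sample: same URL after hardening, redirected before any login.
AFTER = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache\r\n"
    "Location: https://your.site.com/mewbies\r\n"
    "\r\n"
)


def parse_response(raw):
    """Split a raw HTTP response head into (status code, lower-cased headers)."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_plain_http(raw):
    """Return findings for a response received over http (not https)."""
    status, headers = parse_response(raw)
    server = headers.get("server", "")
    findings = []
    if status == 401 and "www-authenticate" in headers:
        findings.append("login prompt on http: name/pass would travel unencrypted")
    if 300 <= status < 400 and not headers.get("location", "").lower().startswith("https://"):
        findings.append("redirect does not point to https")
    if re.search(r"/\d", server):
        findings.append("Server header shows versions: set ServerTokens Prod")
    if "x-powered-by" in headers or "php/" in server.lower():
        findings.append("PHP is advertised: set expose_php = Off")
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_plain_http(raw))
```

    The response head to feed in can be captured from your own site with
    curl -sI http://your.site.com/mewbies.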

    TROUBLE SHOOTING:

    `````````````````

    1. XAMPP Directory Mismatch Warning

    If you get this warning after starting xampp-control.exe - the XAMPP

    Control Panel:

    Current Directory: D:\xampp

    Install Directory:

    *** WARNING: Directory mismatch ***

    Status Check OK

    This can be fixed by entering a new key in the Windows Registry:

    1. Windows Start button / Run / type in: regedit

    then select OK. This will bring up the Windows registry editor.

    If you aren't familiar with it, it is always a good idea to make a

    backup first: File / Export / save it to wherever you like. If

    there is a problem you just File / Import it back in.

    2. Left pane navigate to HKEY_LOCAL_MACHINE and then SOFTWARE.

    3. Right click on SOFTWARE, choose New, and choose Key.

    (This will make a new key with a directory icon named New Key #1)

    4. Rename that to XAMPP and press Enter.

    5. Right click on XAMPP, choose New, and choose String Value.

    (This will make a new key named New Value #1)

    6. Rename that new key to: Install_Dir

    then press Enter.

    7. Right click on the key Install_Dir and choose Modify.

    8. Enter in the 'Value data:' text box the path to your XAMPP, such as

    D:\xampp and then select OK.

    9. Close the Registry Editor.

    10. Run XAMPP Control Panel and the error should be gone.

    Thank you to the peeps at Apache Friends forum for this fix HERE.

    2. XAMPP states busy and won't start

    You can't start your web server- just keeps stating busy. There could be a

    number of reasons. One way to find out the reason is to double click on

    apache_start.bat which is located in your \xampp\ directory. This will

    state an error why the web server won't start. For example when I had

    this problem it stated:

    (OS 10049)The requested address is not valid in its context.

    : make_sock: could not bind to address 192.168.1.3:80

    no listening sockets available, shutting down Unable to open logs

    From there I could see that it was trying my network IP '192.168.1.3'

    which was no longer valid for myself. This was the IP that I had put in my

    'hosts' file (in the step 4 of installing XAMPP in this tutorial). Once I

    changed '192.168.1.3 my.freedomain.com' to '192.168.1.2 my.freedomain.com'

    I was able to start the web server.

    Note: If you have other IPs, domains listed for the same localhost, that

    is fine, it will work.

    //----------------------------------------------------------------------

    If you find mistakes, have suggestions, and/or questions please post at

    mewbies forum HERE - thank you.

    Last update on 21 Mar '13

    - mewbies.com -