• Registered: 2005-11-02

Topic: Virtual Hosts

Question:
When Nathan mentions "digging into it on localhost", or Cody refers to WAMP and virtual hosts, they are referring to a local, private virtual web host server thingy (note: technical term).

On this private virtual host, they have installed Apache, MySQL, and PHP software. I think this combination allows them to build websites (complete with running javascripts and php scripts) and install database-driven content management systems, all on a laptop.

First, this is really cool. Second, it seems a little scary from the perspectives of possible security gaps and technical hassles.

Can anyone share some experience with WAMP, and any security tips?

"I was blind, but now I see!"  John 9:25

Montgomery's Website

  • From: Dallas, TX
  • Registered: 2005-10-29

Re: Virtual Hosts

Mike: By default, when you install WAMP, it is closed to outsiders. So, I'd say it's pretty secure. I used to use it at my old job, and then allow intranet access so people could see things we were working on within the company.

Give me liturgy or give me death.

Nathan Smith's Website

  • pnomolos
  • A Promoted Hamster among Men
  • Offline
  • From: Comox, British Columbia
  • Registered: 2006-08-06

Re: Virtual Hosts

I've actually gone a step further and have a separate box with a nameserver set up so that I can add new projects on a whim but still treat them as close as possible to a real host (IE, I have set up an internal domain of .test, so I can go http://project_name.blazing-amd.test rather than http://localhost/project_name) it makes life much easier when you can use absolute paths all the way through.  But, again, I've set up my server so that it will only accept connections on my local subnet.

"Take up your cross before your crown" :: http://no-spec.com

pnomolos's Website

  • From: Nashville, TN
  • Registered: 2006-01-12

Re: Virtual Hosts

I agree with Nathan about WAMP being pretty secure by default. You can add additional security by adding passwords to access the various aspects of WAMP (i.e., database, etc.). Another thing I recommend is a good firewall program such as ZoneAlarm that allows you to monitor incoming and outgoing connections. You can set it up so that it always allows certain connections that are often used. That way only 'suspicious' stuff will appear. Of course this configuration will take time and the more you auto allow, the more stuff could slip by you.

On a side note, does anyone know the differences between WAMP and XAMPP?

He will return...

Mithrill's Website

  • Registered: 2005-11-02

Re: Virtual Hosts

Thanks to all.

@pnomolos: I like the Apache virtual host idea, which I think allows multiple projects with absolute or relative paths. But I'm confused about one thing: if the project will be http://project_name.com , would you locally go to:

     http://project_name.com.test
     http://project_name.test

...or something else?

@Mithrill: I'm a ZoneAlarm fan as well.

"I was blind, but now I see!"  John 9:25

Montgomery's Website

  • From: Ames, IA
  • Registered: 2006-05-11

Re: Virtual Hosts

I have been using Apache installed locally on Windows similar to what Cody described in his post. you can have the ability to use different host names by editing the hosts file in the C:\windows\system32\drivers\etc of windows installations. this file allows you to map different host names to 127.0.0.1, and then you can place different values for the ServerName config option in Apache.

if you open the hosts file, you'll see localhost already in there. I'm pretty sure this is how windows knows what IP belongs to that word. you can enter as many of your own mappings as necessary.

I'm a little wary this practice because it adds a configuration item in an obscure place, but the ability to access multiple sites on my computer through different host names is worth it to me.

<VirtualHost 127.0.0.1:81>
  ServerName projectname
  DocumentRoot "C:/htdocs/projectname" 
  <Directory "C:/htdocs/projectname/">
    Options Indexes FollowSymLinks Includes
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    DirectoryIndex index.php
  </Directory>
</VirtualHost>

this should allow you to access the site in C:\htdocs\projectname using http://projectname:81. I could add another VirtualHost section in the config using projectname2 for my ServerName and point that to a site located in C:\htdocs\projectname2, just add another line to the hosts file mentioned above pointing projectname2 to 127.0.0.1.

also note that the Allow from 127.0.0.1 of Cody's config only allows connections to Apache from the local computer, and nobody else, which is a good practice to ensure security.

danofames's Website

  • From: Dallas, TX
  • Registered: 2005-10-29

Re: Virtual Hosts

Montgomery wrote:

But I'm confused about one thing: if the project will be project_name.com...

Just a quick note: You'd never have "project_name.com" since the only characters allowed are the hyphen (project-name.com is valid). That being said, I like to set up my localhost sites as *.dev instead of the *.com. So, example.com testing area is example.dev. It can be whatever you want though. You could just as easily set up example.com.dev and example.org.dev - for sites that have a commercial and non-profit branch (www.typo3.com / www.typo3.org).

Give me liturgy or give me death.

Nathan Smith's Website

  • Registered: 2005-11-02

Re: Virtual Hosts

Oops, of course underscores not allowed.

project-name.dev

...sounds good to me.

"I was blind, but now I see!"  John 9:25

Montgomery's Website

  • pnomolos
  • A Promoted Hamster among Men
  • Offline
  • From: Comox, British Columbia
  • Registered: 2006-08-06

Re: Virtual Hosts

Hi Montgomery.  Since you have to deal with DNS (even on a LAN it still takes time to propogate), I have my webserver also set up as a DNS server, and serving the .test namespace.  That one machine's name is ns.blazing-amd.test, but I have created a wildcard entry in the DNS, so *.blazing-amd.test resolves to that machine.  Then, using Apache's VirtualDocumentRoot and VirtualScriptAlias (more on those properties in the documentation all I have to do is make sure that the folder exists - no restarting Apache or editing the config file (either by hand or with a script).

If you want more info on how I did that let me know and I could probably write a blog post with my setup.

Last edited by pnomolos (2007-01-18 16:57:03)

"Take up your cross before your crown" :: http://no-spec.com

pnomolos's Website

  • maspick
  • Servant to The King
  • Offline
  • From: Kewanee, IL
  • Registered: 2006-02-08

Re: Virtual Hosts

Mithrill wrote:

On a side note, does anyone know the differences between WAMP and XAMPP?

They are two slightly different flavors of the same thing.  The advantage of XAMPP is the addition of PERL, the ability to choose PHP4 or PHP5 (and then switch when needed to match a live environment) and a fairly easy to use interface.

That's my 2 cents :^{>

Honored to Serve for Him - Tom ('Mas) Pickering <)><

maspick's Website

  • From: Nashville, TN
  • Registered: 2006-01-12

Re: Virtual Hosts

Appreciate the clarification maspick. Thanks!

He will return...

Mithrill's Website

  • Registered: 2005-11-02

Re: Virtual Hosts

These methods worked for me:

http://www.mezzoblue.com/archives/2004/ … /index.php
http://www.thewatchmakerproject.com/jou … rk-offline
http://www.apptools.com/phptools/virtualhost.php

Basically involves editing the Windows hosts file as well as creating the Apache .conf file.

I only mention all three because they all corroborate each other.

"I was blind, but now I see!"  John 9:25

Montgomery's Website