W3-Video WEB Tutorials

w3-video.com is a Free eLearning Website with over 500 video tutorials on HTML5, XAMPP, .htaccess, Firefox, Notepad++

XAMPP Tutorial

Home HTML5 XAMPP .htaccess Firefox Notepad++

4. Secure localhost, Tutorial

Share it

Learn to secure your localhost using the Order directive: Allow ⁄ Deny


  1. start Apache
  2. access Apache's configuration file
  3. change the directive's rule 'Allow from all'
  4. save & restart Apache & run a test
  5. grant other people's access to your localhost

Video demonstration XAMPP: Secure localhost

4. Secure localhost, Tutorial

min video details
00:03 access localhost (goes by default to xampp directory)
00:06 provide a user and a password
If you want to know how to password protect your xampp directory, click here for a video demo
00:13 go to 'Security' page and check the Status => everything is secured EXCEPT the localhost (=htdocs, your web directory)
00:34 let's remove the redirection toward 'xampp' directory by simply replacing/renaming the existing index.php file with our index.php file
00:45 go to xampp -> htdocs
01:00 each time we're accessing the index.php from localhost, we are redirected toward the 'xampp' directory
01:06 renaming index.php
01:10 drag and drop our index.php inside
01:17 removing /xampp/ from url
01:19 now we're displaying the content of the index.php from 'htdocs'; before we saw the content of the index.php from 'xampp' directory
01:23 open Apache's configuration file 'httpd.conf'
01:36 scroll into view <Directory "C:⁄xampp⁄htdocs">
01:42 check the directive's rule "Allow from all": allow access to everyone to your localhost...
01:49 in xampp directory configuration's file there's a directive we can copy ⁄paste to Apache's configuration file; it will allow us to restrict everyone's access to localhost, except us
02:05 the 2 rules say: deny from all but allow from = us, the localhost; in this casewhen localhost is accessible by us only
02:34 restart Apache and let's test it
02:47 test ok; we (the are still able to access it, others can't do it
02:53 re-open Apache's configuration file to change the directive
03:02 by commenting the 'Allow..' line, 'Deny from all' applies only, our access is restricted too this time
03:09 restarting Apache and test
03:23 test ok: Access is forbidden!
03:29 we don't want to leave it like this, we would like to restrict access to everyone except us and maybe our client
03:42 to grant access to your client, you can add his ip after your server's address (ip) separated by a comma like this:
Allow from,xxx.xx.xx.x (instead of xx.. use a real ip, the client's ip)