Security risks

Hi, am very new to apache server and am trudging through all the
documentation to learn more but would appreciate it if someone could
advise me quickly.

I've set up apache 2.0.58 with php 5.5 on a win XP machine for
developmental purposes and have come to realise that people on other
computers can access the serverRoot by typing in http://{my ip
address}. This raises some concerns because I don't have a clue what
else people can see. After some testing I found out that the outside
world can browse all directories in my Server root and see all files,
which isn't too much of a problem, but what about other directories?
Could anyone have access to my myDocuments folder for example?
In general, can someone tell me how I can block all computers form
seeing anything on my computer whilst still being about to work
through my browser on my machine by typing http://localhost

Any help is greatly appreciated,

Ste

Re: Security risks

> I've set up apache 2.0.58 with php 5.5 on a win XP machine for
> developmental purposes and have come to realise that people on other
> computers can access the serverRoot by typing in http://{my ip
> address}.

> In general, can someone tell me how I can block all computers form
> seeing anything on my computer whilst still being about to work
> through my browser on my machine by typing http://localhost

Last things first. Open the configuration file (httpd.conf) and locate the
"Listen" directive. It will have your IP assigned:

Listen xxx.xxx.xxx.xxx:80

Just change that to "Listen 127.0.0.1:80" and make sure no other occurrences of
Listen are active. (You can listen to more than one IP)

> This raises some concerns because I don't have a clue what
> else people can see. After some testing I found out that the outside
> world can browse all directories in my Server root and see all files,
> which isn't too much of a problem, but what about other directories?
> Could anyone have access to my myDocuments folder for example?

Clients can only access files and directories under the DocumentRoot. You can
also block browsing of those directories by removing the Index option for some
or all of the directories.
--
Crash

Re: Security risks

Brilliant. Thank you very much, I'll try that now :)

Ste

On 27 Jul, 11:21, "\"Crash\" Dummy" wrote:
> > I've set up apache 2.0.58 with php 5.5 on a win XP machine for
> > developmental purposes and have come to realise that people on other
> > computers can access the serverRoot by typing in http://{my ip
> > address}.
>
> > In general, can someone tell me how I can block all computers form
> > seeing anything on my computer whilst still being about to work
> > through my browser on my machine by typinghttp://localhost
>
> Last things first. Open the configuration file (httpd.conf) and locate the
> "Listen" directive. It will have your IP assigned:
>
> Listen xxx.xxx.xxx.xxx:80
>
> Just change that to "Listen 127.0.0.1:80" and make sure no other occurrences of
> Listen are active. (You can listen to more than one IP)
>
> > This raises some concerns because I don't have a clue what
> > else people can see. After some testing I found out that the outside
> > world can browse all directories in my Server root and see all files,
> > which isn't too much of a problem, but what about other directories?
> > Could anyone have access to my myDocuments folder for example?
>
> Clients can only access files and directories under the DocumentRoot. You can
> also block browsing of those directories by removing the Index option for some
> or all of the directories.
> --
> Crash