Enhancing Security for XAMPP: A Comprehensive Guide
XAMPP is an incredibly useful tool for web developers, providing an easy-to-install environment for running web applications locally. It is not designed for production use, and its defaults (empty MySQL root password, unprotected dashboard, phpMyAdmin logging in as root) assume a machine nobody else can reach. As soon as the box sits on a shared network, those defaults matter, so it is worth taking the same care with it as with any other web server. In this guide, we'll walk through a series of steps to enhance the security of your XAMPP installation.
Restricting Access to Local Network
XAMPP's own pages (the /xampp dashboard, /phpmyadmin, /server-status and similar) are blocked for remote clients by a rule in httpd-xampp.conf; a remote browser gets the XAMPP error page "Access to the requested directory is only available from the local network." Note that this rule covers only those paths: anything under htdocs is served to every host that can reach port 80, so the restriction is narrower than the whole server being local-only. Start with the built-in security script, which walks you through the default passwords:
sudo /opt/lampp/lampp security
If needed, you can further restrict access by editing the `httpd-xampp.conf` file; the relevant part is the `<LocationMatch>` block containing `Require local`, which allows only connections from the machine itself (despite the wording of the error page, "local" here means localhost, not the LAN):
sudo nano /opt/lampp/etc/extra/httpd-xampp.conf
Securing the Blowfish Secret
phpMyAdmin shows this warning when the secret it uses to encrypt its login cookie is missing or the wrong size: "The Secret Passphrase in configuration (Blowfish Secret) is not the correct length. It should be 32 bytes long." The secret is only used by the cookie authentication type, so it matters once `$cfg['Servers'][$i]['auth_type']` is set to `cookie`; XAMPP's default of `config` with the root credentials written into the file is the weaker choice on any shared network.
nano /opt/lampp/phpmyadmin/config.inc.php
Generate a random secret. Either 32 random bytes as 64 hex characters, decoded with sodium_hex2bin() (the sodium extension is bundled with PHP 7.2 and later):
openssl rand -hex 32
or a plain 32-character string, assigned directly as a quoted string (22 random bytes base64-encode to exactly 32 characters, padding included):
openssl rand -base64 22
Do not mix the two forms: the hex form is 64 characters before decoding, the base64 form is 32 characters and must not be passed through sodium_hex2bin().
$cfg['blowfish_secret'] = sodium_hex2bin('f93ce59f45714194371b48fe933868dc3b019da7861558cd4ad29e4d6fb13594');
Also set the control user's password. It must match the MySQL password of the account named on the `controluser` line in the same file:
$cfg['Servers'][$i]['controlpass'] = 'Your@Secret-Password';
Fixing the TempDir and "configuration file is not readable" warnings
Two related messages can appear after editing the file: "The $cfg['TempDir'] (/opt/lampp/phpmyadmin/tmp/) is not accessible. phpMyAdmin is not able to cache templates and will be slow because of this." and "Existing configuration file (/opt/lampp/phpmyadmin/config.inc.php) is not readable." Both are permission problems: XAMPP's Apache runs as the `daemon` user, which needs write access to the template cache and read access to the configuration.
sudo mkdir -p /opt/lampp/phpmyadmin/tmp/
sudo nano /opt/lampp/phpmyadmin/config.inc.php
$cfg['TempDir'] = '/opt/lampp/phpmyadmin/tmp/';
The configuration file holds the control user's password, so avoid making it world-readable: keep it owned by root, give the daemon group read access only, and let the daemon user own the cache directory.
sudo chown root:daemon /opt/lampp/phpmyadmin/config.inc.php
sudo chmod 640 /opt/lampp/phpmyadmin/config.inc.php
sudo chown -R daemon:daemon /opt/lampp/phpmyadmin/tmp/
How to auto start XAMPP at system startup (Debian)
Copy the /opt/lampp/lampp script to the /etc/init.d directory.
sudo cp /opt/lampp/lampp /etc/init.d
sudo nano /etc/init.d/lampp
Add the following LSB header block at the top of the script, directly after the #! line, so that update-rc.d (and systemd's sysv compatibility layer on current Debian) knows in which runlevels to start and stop it:
### BEGIN INIT INFO
# Provides: xampp
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start XAMPP at boot time
# Description: Enable services provided by XAMPP.
### END INIT INFO
Add the script to the default runlevels and enable it.
sudo update-rc.d -f lampp defaults && sudo update-rc.d -f lampp enable
Reboot your system and XAMPP should start automatically.
How to change the default phpMyAdmin URL and protect it with HTTP Basic authentication
Renaming the alias keeps scanners that blindly probe /phpmyadmin from finding it, but that is obscurity only; the password is the real control. Basic authentication sends the credentials base64-encoded, not encrypted, so use it over HTTPS. Two things to check in httpd-xampp.conf: the `<Directory "/opt/lampp/phpmyadmin">` block must have `AllowOverride AuthConfig` (or wider), otherwise the .htaccess file is ignored; and the `<LocationMatch>` rule that restricts /phpmyadmin to localhost matches the URL path, so after renaming the alias that rule no longer applies to phpMyAdmin. Add the new path to its pattern if you still want the localhost restriction on top of the password.
sudo nano /opt/lampp/etc/extra/httpd-xampp.conf
#Alias /phpmyadmin "/opt/lampp/phpmyadmin" replace with below
Alias /lalatendu "/opt/lampp/phpmyadmin"
Create the password file. -c creates the file and overwrites an existing one, so leave it out when adding further users; -B stores a bcrypt hash instead of the weaker default. Apache's stock configuration refuses to serve files beginning with .ht, which is why the file can sit in the phpMyAdmin directory.
sudo /opt/lampp/bin/htpasswd -cB /opt/lampp/phpmyadmin/.htpasswd lalatendu
sudo nano /opt/lampp/phpmyadmin/.htaccess
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /opt/lampp/phpmyadmin/.htpasswd
Require valid-user
With these measures in place, your XAMPP installation will be significantly more secure, giving you a safer environment for web development and testing.
Hiding Apache and PHP Version Information
A cheap early step is to remove version numbers from HTTP headers and error pages. This does not remove any vulnerability (only updating does that), but it denies an attacker or scanner the exact build to match against a list of known issues, and it costs nothing.
Hiding Apache Version
To hide the Apache version information, follow these steps:
1. Open the `httpd-default.conf` file (check that httpd.conf includes it; if not, put the directives in httpd.conf itself):
sudo nano /opt/lampp/etc/extra/httpd-default.conf
2. Find the ServerTokens and ServerSignature directives (add them if they are missing) and set them to:
ServerSignature Off
ServerTokens Prod
Reload Apache afterwards (sudo /opt/lampp/lampp reloadapache). Prod reduces the Server header to just "Apache", and Off removes the version footer from error pages and directory listings. Verify with curl -I against the server and look at the Server header.
How to hide the PHP version from HTTP headers
PHP adds an X-Powered-By header carrying its version to every response unless expose_php is disabled. The setting lives in the PHP configuration; because PHP runs inside Apache in XAMPP, Apache must be restarted for the change to take effect. Here's how:
1. Open the `php.ini` file:
sudo nano /opt/lampp/etc/php.ini
2. Find the `expose_php` directive and set it to `Off`:
expose_php = Off
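The following script is an added example, not part of the original page: it audits an XAMPP tree for the settings from the "Restricting Access" and "Hiding Apache and PHP Version Information" sections by reading the configuration files directly. It assumes the page's /opt/lampp layout (overridable through XAMPP_ROOT or a directory argument) and the standard XAMPP `<LocationMatch>` block guarding phpMyAdmin; the loopback-only Listen check is an extra recommendation for development boxes, not something the page configures. It only sees directives written in the files it reads, so a directive set elsewhere (another Include, a .htaccess) is not detected; treat it as a baseline check, not proof.

```shell
#!/bin/sh
# Added example (not from the page): audit an XAMPP tree for hardening settings.
# XAMPP_ROOT defaults to /opt/lampp; pass another directory to test offline.
XAMPP_ROOT="${XAMPP_ROOT:-/opt/lampp}"

# has_line FILE REGEX: true if an uncommented line in FILE matches REGEX
# (extended regex, case-insensitive, leading whitespace allowed). Lines that
# start with '#' or ';' never match because the anchor precedes REGEX.
has_line() {
    [ -r "$1" ] || return 1
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# report STATUS LABEL: prints PASS/FAIL for LABEL and counts failures.
report() {
    if [ "$1" -eq 0 ]; then
        echo "PASS  $2"
    else
        echo "FAIL  $2"
        FAILS=$((FAILS + 1))
    fi
}

# audit_xampp [ROOT]: prints one PASS/FAIL line per check and returns the
# number of failed checks (0 means every setting is in place).
audit_xampp() {
    root="${1:-$XAMPP_ROOT}"
    def="$root/etc/extra/httpd-default.conf"
    ini="$root/etc/php.ini"
    xampp="$root/etc/extra/httpd-xampp.conf"
    httpd="$root/etc/httpd.conf"
    FAILS=0

    has_line "$def" 'ServerTokens[[:space:]]+Prod([[:space:]]|$)'
    report $? "Apache: ServerTokens Prod"
    has_line "$def" 'ServerSignature[[:space:]]+Off([[:space:]]|$)'
    report $? "Apache: ServerSignature Off"
    has_line "$ini" 'expose_php[[:space:]]*=[[:space:]]*Off([[:space:]]|$)'
    report $? "PHP: expose_php = Off"

    # phpMyAdmin is guarded by a <LocationMatch> block; look for 'Require local'
    # inside that block only, not anywhere in the file.
    sed -n '/<LocationMatch[^>]*phpmyadmin/,/<\/LocationMatch>/p' "$xampp" 2>/dev/null \
        | grep -Eiq '^[[:space:]]*Require[[:space:]]+local([[:space:]]|$)'
    report $? "phpMyAdmin: Require local inside its LocationMatch block"

    # Listening on the loopback address keeps a development server off the LAN
    # entirely (assumed recommendation; a host firewall is the alternative).
    has_line "$httpd" 'Listen[[:space:]]+127\.0\.0\.1:80([[:space:]]|$)'
    report $? "Apache: Listen 127.0.0.1:80 (loopback only)"

    return "$FAILS"
}

# Run against the live installation when invoked as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_xampp
fi
```

Run it after every configuration change and after reloading Apache; a non-zero exit status means at least one setting has drifted, which also makes it usable from a cron job or a pre-commit hook on a config repository.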
Enabling Keep-Alive
Keep-Alive is a performance setting rather than a security one: it lets a client reuse a single TCP connection for several requests. Apache's httpd-default.conf normally already contains KeepAlive On together with MaxKeepAliveRequests 100 and KeepAliveTimeout 5, so you only adjust the limits:
1. Open the `httpd-default.conf` file:
sudo nano /opt/lampp/etc/extra/httpd-default.conf
2. Set the maximum number of requests per connection and the idle timeout in seconds (a longer timeout keeps worker processes occupied by idle clients, which is harmless on a development box but is the reason the default is short):
MaxKeepAliveRequests 500
KeepAliveTimeout 15
LoadModule location
Apache modules are enabled with LoadModule lines in httpd.conf; the module files themselves live in /opt/lampp/modules:
sudo nano /opt/lampp/etc/httpd.conf
If a module fails to load because of file permissions (mod_security2.so is used as the example here), make the file readable; a shared object only needs to be readable by the daemon user to load, and -R makes no sense on a single file:
cd /opt/lampp/modules && sudo chmod 755 mod_security2.so
How to check whether a module is loaded
sudo /opt/lampp/bin/apachectl -M | grep ssl
It is important that httpd.conf contains the following three Include lines, present and not commented out; without the first, none of the XAMPP-specific rules (including the localhost restriction on phpMyAdmin) are in effect, and without the second your virtual hosts are silently ignored:
sudo nano /opt/lampp/etc/httpd.conf
Include etc/extra/httpd-xampp.conf
Include "/opt/lampp/etc/extra/httpd-vhosts.conf"
Include "/opt/lampp/apache2/conf/httpd.conf"
Generating a self-signed certificate
To generate a self-signed certificate and private key in the directories XAMPP's httpd-ssl.conf reads from, use the openssl command. -x509 produces a self-signed certificate (browsers will warn until you import it, and current browsers also require a subjectAltName, which this command does not add), and -nodes leaves the private key unencrypted so Apache can start unattended; keep that key file readable by root only. Afterwards point SSLCertificateFile and SSLCertificateKeyFile in httpd-ssl.conf at the new files.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/lampp/etc/ssl.key/YourDomainName.key.pem -out /opt/lampp/etc/ssl.crt/YourDomainName.cert.pem
You can check that the private key (YourDomainName.key.pem) and the certificate (YourDomainName.cert.pem) belong together by comparing the RSA modulus of each; identical digests mean they match. MD5 is fine here because it only serves as a short fingerprint for eyeballing, not as a security control, but this method works for RSA keys only:
sudo openssl x509 -noout -modulus -in /opt/lampp/etc/ssl.crt/YourDomainName.cert.pem | openssl md5 && sudo openssl rsa -noout -modulus -in /opt/lampp/etc/ssl.key/YourDomainName.key.pem | openssl md5
OR
openssl rsa -in YourDomainName.key.pem -noout -modulus | openssl md5 && openssl x509 -in YourDomainName.cert.pem -noout -modulus | openssl md5
For MacOS
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /Applications/XAMPP/etc/ssl.key/YourDomainName.key.pem -out /Applications/XAMPP/etc/ssl.crt/YourDomainName.cert.pem
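The script below is an added example, not from the page: it wraps the certificate generation above in a function that also adds a subjectAltName (without one, current browsers reject the certificate even after import) and replaces the RSA-modulus comparison with a public-key comparison that works for any key type. The key and certificate directories are parameters so the functions can be tried outside /opt/lampp; the file naming follows the page, and -addext assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the page): self-signed certificate with SAN, plus
# a key/certificate consistency check.

# make_selfsigned DOMAIN KEYDIR CRTDIR [DAYS]
# Writes KEYDIR/DOMAIN.key.pem and CRTDIR/DOMAIN.cert.pem (page naming).
# -nodes stores the key unencrypted so Apache can start unattended.
make_selfsigned() {
    domain="$1"; keydir="$2"; crtdir="$3"; days="${4:-365}"
    mkdir -p "$keydir" "$crtdir"
    openssl req -x509 -nodes -newkey rsa:2048 -days "$days" \
        -subj "/CN=$domain" \
        -addext "subjectAltName=DNS:$domain,DNS:localhost,IP:127.0.0.1" \
        -keyout "$keydir/$domain.key.pem" \
        -out "$crtdir/$domain.cert.pem" 2>/dev/null || return 1
    chmod 600 "$keydir/$domain.key.pem"   # private key: owner read/write only
}

# key_matches_cert KEYFILE CERTFILE
# Prints "match" or "mismatch" and returns 0/1. Compares the PEM public key
# derived from each file, which works for RSA and EC keys alike (the modulus
# comparison on the page is RSA-only).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || { echo mismatch; return 1; }
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || { echo mismatch; return 1; }
    if [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]; then
        echo match
    else
        echo mismatch
        return 1
    fi
}

# cert_has_san CERTFILE NAME: true when DNS:NAME is listed in the certificate.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q "DNS:$2"
}

# Usage against the XAMPP directories from the page (run as root):
#   make_selfsigned YourDomainName /opt/lampp/etc/ssl.key /opt/lampp/etc/ssl.crt
#   key_matches_cert /opt/lampp/etc/ssl.key/YourDomainName.key.pem \
#                    /opt/lampp/etc/ssl.crt/YourDomainName.cert.pem
```

After generating the pair, point httpd-ssl.conf at the new files and run key_matches_cert once more on the paths actually named in the configuration; a mismatch there is the usual cause of Apache refusing to start with "key values mismatch".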
Some important XAMPP / LAMPP configuration files
sudo nano /opt/lampp/etc/my.cnf
sudo nano /opt/lampp/etc/php.ini
sudo nano /opt/lampp/etc/httpd.conf
sudo nano /opt/lampp/etc/proftpd.conf
sudo nano /opt/lampp/etc/extra/httpd-ssl.conf
sudo nano /opt/lampp/apache2/conf/httpd.conf
sudo nano /opt/lampp/etc/extra/httpd-default.conf
sudo nano /opt/lampp/etc/extra/httpd-vhosts.conf
sudo nano /opt/lampp/etc/extra/httpd-xampp.conf
sudo nano /opt/lampp/phpmyadmin/config.inc.php
sudo nano /opt/lampp/htdocs/wordpress/wp-config.php (only if WordPress is installed under htdocs)
Server configuration files, like those found in XAMPP, are critical components of your web environment, and several of them (my.cnf, config.inc.php, wp-config.php) contain passwords. Making backup copies before editing them is good practice, with two cautions: a copy placed next to the original inherits whatever permissions you give it, so keep it as restrictive as the original, and never leave a copy inside htdocs, because Apache serves a file named wp-config.php-bkp as plain text, credentials included. Here's how to create backups of specific XAMPP configuration files:
sudo cp /opt/lampp/etc/my.cnf /opt/lampp/etc/my.cnf-bkp
sudo cp /opt/lampp/etc/php.ini /opt/lampp/etc/php.ini-bkp
sudo cp /opt/lampp/etc/httpd.conf /opt/lampp/etc/httpd.conf-bkp
sudo cp /opt/lampp/etc/proftpd.conf /opt/lampp/etc/proftpd.conf-bkp
sudo cp /opt/lampp/etc/extra/httpd-ssl.conf /opt/lampp/etc/extra/httpd-ssl.conf-bkp
sudo cp /opt/lampp/apache2/conf/httpd.conf /opt/lampp/apache2/conf/httpd.conf-bkp
sudo cp /opt/lampp/etc/extra/httpd-default.conf /opt/lampp/etc/extra/httpd-default.conf-bkp
sudo cp /opt/lampp/etc/extra/httpd-vhosts.conf /opt/lampp/etc/extra/httpd-vhosts.conf-bkp
sudo cp /opt/lampp/etc/extra/httpd-xampp.conf /opt/lampp/etc/extra/httpd-xampp.conf-bkp
sudo cp /opt/lampp/phpmyadmin/config.inc.php /opt/lampp/phpmyadmin/config.inc.php-bkp
sudo cp /opt/lampp/htdocs/wordpress/wp-config.php /root/wp-config.php-bkp
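As an added example (not from the page), the script below turns the one-off cp commands above into a snapshot with a checksum manifest, and adds the check the copies are really for: comparing the live files against the snapshot to see what changed, whether by your own edits or by someone else. It assumes the page's /opt/lampp layout and a backup directory outside the web root (BACKUP_ROOT, /var/backups/xampp-conf by default, which is an assumption); both are parameters so it can run against any directory tree.

```shell
#!/bin/sh
# Added example (not from the page): snapshot XAMPP config files with a
# SHA-256 manifest and verify the live files against a snapshot.
XAMPP_ROOT="${XAMPP_ROOT:-/opt/lampp}"
BACKUP_ROOT="${BACKUP_ROOT:-/var/backups/xampp-conf}"   # assumed location, outside htdocs

# Files to protect, relative to XAMPP_ROOT (the page's list, minus the
# WordPress file, which lives under the web root and is handled separately).
CONF_FILES="etc/my.cnf etc/php.ini etc/httpd.conf etc/proftpd.conf
etc/extra/httpd-ssl.conf apache2/conf/httpd.conf etc/extra/httpd-default.conf
etc/extra/httpd-vhosts.conf etc/extra/httpd-xampp.conf phpmyadmin/config.inc.php"

# sha256_of FILE: hex digest, using whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# snapshot_conf [ROOT] [DEST]: copies each existing file into DEST, keeping
# its relative path and permissions, and writes DEST/MANIFEST with
# "sha256  relative/path" lines. Prints DEST.
snapshot_conf() {
    root="${1:-$XAMPP_ROOT}"
    dest="${2:-$BACKUP_ROOT/$(date +%Y%m%d-%H%M%S)}"
    mkdir -p "$dest"
    : > "$dest/MANIFEST"
    for rel in $CONF_FILES; do
        [ -f "$root/$rel" ] || continue        # skip files this install lacks
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$root/$rel" "$dest/$rel"
        printf '%s  %s\n' "$(sha256_of "$root/$rel")" "$rel" >> "$dest/MANIFEST"
    done
    chmod -R go-rwx "$dest"   # the copies hold database passwords; owner-only
    echo "$dest"
}

# verify_conf SNAPSHOT [ROOT]: prints one line per changed or missing file
# (with the first lines of a unified diff for changes) and returns the number
# of files that differ, so 0 means the live tree still matches the snapshot.
verify_conf() {
    snap="$1"; root="${2:-$XAMPP_ROOT}"; changed=0
    while read -r sum rel; do
        if [ ! -f "$root/$rel" ]; then
            echo "MISSING  $rel"
            changed=$((changed + 1))
        elif [ "$(sha256_of "$root/$rel")" != "$sum" ]; then
            echo "CHANGED  $rel"
            changed=$((changed + 1))
            diff -u "$snap/$rel" "$root/$rel" | head -n 20
        fi
    done < "$snap/MANIFEST"
    return "$changed"
}
```

Take a snapshot before each editing session and run verify_conf against the last snapshot before restarting Apache: the diff shows exactly what you changed, and an unexpected CHANGED line on a file you did not touch is worth investigating before the server comes back up.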
# XAMPP ALIAS #
alias edmy.cnf='nano /opt/lampp/etc/my.cnf'
alias edphp.ini='nano /opt/lampp/etc/php.ini'
alias edhttpd='nano /opt/lampp/etc/httpd.conf'
alias edproftpd='nano /opt/lampp/etc/proftpd.conf'
alias edhttpdssl='nano /opt/lampp/etc/extra/httpd-ssl.conf'
alias edhttpddefault='nano /opt/lampp/etc/extra/httpd-default.conf'
alias edhttpdvhosts='nano /opt/lampp/etc/extra/httpd-vhosts.conf'
alias edhttpdxampp='nano /opt/lampp/etc/extra/httpd-xampp.conf'
alias edconfiginc='nano /opt/lampp/phpmyadmin/config.inc.php'
alias edwpconfig='nano /opt/lampp/htdocs/wordpress/wp-config.php'
alias lstart='sudo /opt/lampp/lampp start </dev/null &>/dev/null &'
alias lstop='sudo /opt/lampp/lampp stop </dev/null &>/dev/null &'
alias lrestart='sudo /opt/lampp/lampp restart </dev/null &>/dev/null &'
alias lstatus='sudo /opt/lampp/lampp status'   # status must print to the terminal, so no redirection or backgrounding here
alias htd='cd /opt/lampp/htdocs/websites'
Here are some steps you can take to harden your XAMPP installation:
Change the default passwords: XAMPP ships with an empty MySQL root password, default FTP credentials and unprotected XAMPP web pages. Change all of them immediately; sudo /opt/lampp/lampp security walks through each in turn.
Secure MySQL: use a strong root password, give applications their own MySQL users with only the privileges they need instead of connecting as root, and keep the server listening on localhost only unless remote access is genuinely required.
Use a firewall: block every inbound port you do not explicitly need. On a development box the simplest approach is to allow ports 80 and 443 only from the machines that should reach them, or to have Apache listen on 127.0.0.1 alone.
Disable unnecessary services: XAMPP starts Apache, MySQL/MariaDB and ProFTPD; stop what you do not use (for example sudo /opt/lampp/lampp stopftp) so it is not exposed at all.
Enable HTTPS: serve everything over HTTPS so that credentials, including the Basic-auth password protecting phpMyAdmin, are not sent in clear text.
Limit access to the XAMPP pages: the dashboard and phpMyAdmin should stay localhost-only or sit behind a password; both are configured in httpd-xampp.conf.
Keep XAMPP up to date: XAMPP does not update itself, so installing a new release is the only way to get patched Apache, PHP and MariaDB builds.
Use strong authentication: where a component supports it, require a second factor; phpMyAdmin can enforce two-factor authentication for its own login.
Regularly back up your data: back up the MySQL databases and website files, and keep the copies outside the web root with restrictive permissions.
By following these steps, you can harden your XAMPP installation and reduce the risk of it being compromised. It's important to remember that security is an ongoing process, and you should regularly review and update your security measures to ensure that your XAMPP installation remains secure.