Introduction
Today I installed and tested XAMPP, a suite of software which instantly turns a computer into a web server running Apache, MySQL Database server, FileZilla FTP Server and also a POP server.
XAMPP stands for X (refers to cross-platform) Apache MySQL PHP & Perl. Despite this name, XAMPP does in fact install more software than this. The project is open-source and is developed by the non-profit group Apache Friends. The version installed in this test is 1.7.7 (released September 20th 2011). XAMPP is available for Windows, Mac OS X, Linux and Solaris.
Installation
XAMPP is available as an automated installer or a compressed archive. As recommended by the site itself, the automated installer was selected. This provides a "next, next... finish" install which is very easy to follow. During installation, the installer asks whether XAMPP components are to be installed as a service.
If this option is selected, the components such as Apache and MySQL are installed as Windows services. This allows them to be automatically started during bootup and also allows them to be run independently of the control panel. At this point in the installation, the services option was not selected and a standard install resumed.
Testing: Control Panel
When the XAMPP application is launched, all services are turned on by default. These can then be started by using the start button, or they can be installed as services by ticking the SVC checkbox. In this case, Apache and MySQL were started normally, whereas FileZilla FTP was started as a service since this is a requirement of the server.
<<TODO: Screenshot of the control panel running properly>>
Once the services are started, the administration pages can be used. The first step was to launch the Apache administration page, which also serves as the control centre for XAMPP. Clicking the "admin" button launches http://localhost.
Test: HTTP & HTTPS Services
The fact that the control panel above is shown means that the Apache HTTP server is capable of serving content, i.e. that HTTP is working. The next step is to ensure HTTPS is also operational.
A link in the main page points to the secure version of the control panel, i.e. https://localhost. When loading this page, the browser displays a warning since the server's certificate is not signed by a trusted authority.
The control panel is now running on HTTPS.
Test: FTP Service
To test the FTP service, an FTP client is needed. The free FileZilla FTP client was downloaded. The default connection details were used:
host: localhost
username: newuser
password: wampp
The FTP client connected to the server, which displayed the contents of the htdocs folder. As a test, a sample image was uploaded to the directory, and then displayed in the web browser.
Test: XAMPP Security Report
The XAMPP Security Report tests the XAMPP installation for common security flaws. It can be accessed by clicking "Security" in the left menu.
As can be seen from the above, the default XAMPP installation has some security flaws, which are there for the convenience of the user.
· The XAMPP directory must be protected so only localhost can see it.
· A password must be set for the MySQL root user.
· phpMyAdmin must be protected with a password.
· PHP must run in safe mode (at least on production websites).
· The default FileZilla password must be changed.
· In this case, a POP3 server was not found running because it was not configured to run.
XAMPP provides a link to automatically fix some of these issues.
When reloading the control panel, XAMPP now asks for user authentication.
The FileZilla FTP password was changed.
safe_mode was set to On in php.ini.
After some further adjustments, the security part was successful.
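An added example (not part of the original post or of XAMPP itself): a small Python audit that reads php.ini and phpMyAdmin config.inc.php text and reports the weak defaults listed above. The sample fragments are constructed, and the function names are illustrative.

```python
import re

# Constructed sample fragments (not from the page): default-style and hardened.
PHP_INI_DEFAULT = "; constructed php.ini fragment\nsafe_mode = Off\n"
PHP_INI_FIXED = "; constructed php.ini fragment\nsafe_mode = On\n"
PMA_DEFAULT = """<?php
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
"""
PMA_FIXED = """<?php
$cfg['Servers'][$i]['auth_type'] = 'cookie';
"""

def ini_value(text, key):
    """Return the last uncommented value of `key` in php.ini text, or None."""
    found = None
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(rf"{re.escape(key)}\s*=\s*(.*)$", line, re.I)
        if m:
            found = m.group(1).strip().strip('"')
    return found

def pma_setting(text, key):
    """Return the value assigned to $cfg['Servers'][$i][key], or None."""
    pattern = rf"^\s*\$cfg\['Servers'\]\[\$i\]\['{re.escape(key)}'\]\s*=\s*(.+?);"
    m = re.search(pattern, text, re.M)
    return m.group(1).strip().strip("'\"") if m else None

def audit(php_ini, pma_config):
    """Return a list of findings matching the Security Report items."""
    findings = []
    safe_mode = ini_value(php_ini, "safe_mode")
    if safe_mode is None or safe_mode.lower() not in ("on", "1", "true", "yes"):
        findings.append("PHP: safe_mode is not On")
    if pma_setting(pma_config, "auth_type") == "config":
        # 'config' auth uses stored credentials, so no login prompt is shown.
        findings.append("phpMyAdmin: no login prompt (auth_type 'config')")
        if pma_setting(pma_config, "password") == "":
            # An empty stored password only works if MySQL root has none.
            findings.append("MySQL: root account has no password")
    return findings

if __name__ == "__main__":
    for label, ini, pma in (("default", PHP_INI_DEFAULT, PMA_DEFAULT),
                            ("hardened", PHP_INI_FIXED, PMA_FIXED)):
        print(label, audit(ini, pma) or "no findings")
```

safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4, so the first check only makes sense on PHP versions that still have the directive.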
Test: phpinfo
The next test was to generate a phpinfo report. This is done by clicking the phpinfo() link under the PHP menu heading. The report displays details related to the installation of PHP including modules configured to work with it.
Test: visitor report
The next test was to generate a visitor report. This is done using the Webalizer link under the Tools menu heading. Webalizer analyses Apache access logs to generate graphs and charts which report referring links, pages hit, hit count and access by country amongst others.
Test: default guestbook
XAMPP contains a sample Perl application - a Guest Book.
After pressing "write" the comment is added to the guestbook.
Test: Adding an image and a stylesheet
For the following test, a simple HTML page including a stylesheet and an image was created.
Test: Access the site from another computer
First the IP of the XAMPP computer was established using the ipconfig command.
Another machine on the network (in this case running Mac OS X) was then used to launch the site.
Test: Change the files using an FTP client on another machine
An FTP client was installed on the Mac and a connection was made to the XAMPP machine, however this failed as FileZilla FTP was set to only accept local connections. After changes were made to Windows Firewall, the test was successful.