One of the spiffier parts of Mac OS X that I latched onto quickly (back in the heady days after the Public Beta) was the built-in Apache webserver with its one-click activation. My favorite part was being able to edit a file or web app on my local computer — usually a laptop, so I could edit anywhere — and then testing it there in a ‘live’ server environment, before uploading it to the real webserver and breaking things. Combined with the included php and MySQL, not to mention the other big guys like perl and Python, having a portable development box is a pretty cool thing.
Of course, when you turn on Apache via the Web Sharing option in System Preferences, you are basically turning your computer into a webserver to whoever happens to have access to you over the network, whether LAN or the greater Internet. Most of the time, this is not that much of a concern. But it’s useful, not to mention more secure, to make your development directory inaccessible to anyone else.
Assuming you are using your user account’s Sites folder, here’s a super-quick method to make it unreachable to anyone except users on your computer. You will need to have admin access on the computer in question. You should also know your way around the Terminal and command-line.
Get started by turning off Web Sharing under your System Preferences. Then bring up the Terminal program and cd into /etc/httpd/users
Now, there’s only one file we need to edit in this folder: foobar.conf, where foobar is your short username, the same as the name of your Home folder (e.g. /Users/foobar).
First, make a backup of the file by copying it like this:
sudo cp foobar.conf foobar.conf.bak
You’ll need to enter your admin password. Next, open the foobar.conf file in your favorite text editor, which, if it’s the same editor as mine, will mean using this command:
sudo vi foobar.conf
Once the file is open, you’ll find this:
<Directory "/Users/foobar/Sites/"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory>
Edit the text so it looks like this:
<Directory "/Users/foobar/Sites/"> Options Indexes MultiViews AllowOverride None # Order allow,deny # Allow from all Order deny,allow Deny from all Allow from 127.0.0.1 </Directory>
What we’ve done here is to comment out a couple of lines using the # sign, so they’ll be ignored (technically you could delete them, but leave them there for reference). And we’ve told Apache to apply the following two rules in the order of denying access, then allowing access. The last two additions deny access to everybody, then allow access to your local computer.
Save the file and close your editor. Restart Apache by turning on Web Sharing again. You’re done! Now you can do whatever development you like inside your Sites folder and not worry about anyone else accessing it.
We’ve just scratched the surface of what you can accomplish in that .conf file, or for that matter in the httpd.conf file one directory up. Just make sure to backup your files before editing, make sure to only make one edit at a time so you can easily undo any damage, and do your homework before poking around in there. Hey, a good place to start would be the O’Reilly Apache book. ;D But you can also read up on the popular webserver at the apache.org site.
Got any favorite Apache tweaks on Mac OS X? Share ‘em!