Comments on: How To Secure MAMP

By: edoules

edoules — Sat, 11 Apr 2009 02:23:30 +0000

Hi! Additional note: You’ve mentioned securing the MAMP folder from external access with the use of “.htaccess” and “.htpasswd” files. An alternative way to secure this is by changing a few lines in httpd.conf as follows:

Options Indexes MultiViews
AllowOverride None
Order allow,deny
# Allow from all
Allow from localhost

– These changes start on line 620 roughly, just go through and change anything related to MAMP from “Allow from all” to “Allow from localhost” as above. Do this for each item that should not be accessible from anyone other than localhost.

Notice: Spoofing “localhost” would be a way to circumvent this measure. I haven’t figured out how that would be accomplished though…

By: TwoKnowItAlls.com » Hardening MAMP for simple, secure Wordpress hosting

TwoKnowItAlls.com » Hardening MAMP for simple, secure Wordpress hosting — Sat, 08 Nov 2008 19:56:50 +0000

[...] MySQL root password (the following instructions pertaining to the root password are adapted from network0’s excellent guide, with a few necessary changes for the current version (1.7) of MAMP). Open a terminal and run the [...]

By: BeanWorks · Google API’s and Mac

BeanWorks · Google API’s and Mac — Mon, 06 Oct 2008 01:06:08 +0000

[...] turns out there’s also a couple scripts to change in MAMP, documented over on network0. There’s also a handy section on securing MAMP itself by password protecting the htaccess [...]

By: Eric Kiel

Eric Kiel — Thu, 11 Sep 2008 20:25:39 +0000

You may want to try adding the following to the top of your root .htaccess file:

(add less than here)IfModule mod_rewrite.c(add greater than here)

RewriteEngine On

RewriteBase /

RewriteCond %{REQUEST_URI} ^/(stats|failed_auth\.html).*$ [NC]

RewriteRule . – [L]

(add less than here)/IfModule(add greater than here)

Also you could move the site you want displayed out of /Applications/MAMP/htdocs (I think that is the location if I remember correctly.)

By: B Adams

B Adams — Thu, 11 Sep 2008 20:03:08 +0000

Putting an .htaccess file in did, indeed, make the localhost/MAMP section inaccessible without a password. However, it also made the entirety of localhost/ similarly password protected! I thought this might be remedied by putting an overriding .htaccess into /Applications/MAMP/htdocs which essentially said “Don’t bother with passwords anymore”, but haven’t had any luck on that front.

Any tips on how to secure the localhost/MAMP page without doing the same to the rest of localhost?

By: Eric Kiel

Eric Kiel — Thu, 11 Sep 2008 15:32:07 +0000

I imagine it would be, but a concern might be that the server has to be logged in as the user running MAMP at all times for it to run.

By: Andy Day

Andy Day — Thu, 11 Sep 2008 15:17:37 +0000

After following your instructions is MAMP suitable for a large projected on Leopard Server?

I’ve found the build in Server is lacking many essential modules.