Using WAMP on intranet

Question

Our client has an intranet network and we have to deploy an application on one of their Windows Servers. We have the access to it via remote desktop.

I figured that the easiest approach would be to install WAMP server. I did that and everything seems to be working, however, I am now concerned with the security of this server package. As far as I know, this IS considered to be intranet - correct me if I'm wrong.

I am aware that WAMP server shouldn't be used in production, since it's a server package for application development, but does it really matter on an intranet? The application won't have a lot of users, so that shouldn't be of concern here. What matters to me is the security of using WAMP server in this situation and what should I do to remedy this if the default configuration is not secure enough for these needs.

Side question: does an intranet application fall into the "production usage" category?

Answer 1

Using WAMPServer on an intranet should be fine.

Just to be completely sure it can never be accessed from the internet dont us the simple Put Online menu function. Instead edit the httpd.conf file manually and make sure you only allow access to Apache from the internal network. So something like this ...

Dont use :

Require all granted

Instead use

Require local
Require ip 192.168.1

Note the use of only 3 of the 4 quartiles in the second statement. This will allow access from any ip in the 192.168.1.? range. Of course you will have to check what subnets the client actually uses!

You can add as many of these as there are subnets in your client internal network.