Setting the Default Timezone for PHP Correctly

The default time-zone used and displayed by PHP is UTC time (Coordinated Universal Time), and this is why PHP’s time is always several hours off from your local time.

While it is usually best to leave the internal time-zone of PHP set on UTC (as it is a international time standard) and then convert (in PHP code) the UTC date-time value to the time-zone you’d like to display, to configure PHP to use a specific time-zone you have several options…

Set PHP’s Global TimeZone via php.ini

You can configure PHP to use your local time-zone by setting the proper value of “date.timezone” in php.ini.

Edit file:
C:\WampDeveloper\Config\Php\php.ini

Change this –

date.timezone = "UTC"

To this –

For West Cost:

date.timezone="America/Los_Angeles"

For East Cost:

date.timezone="America/New_York"

For Central Time:

date.timezone="America/Chicago"

Save file (and be careful not to change the filename extension from .ini to .ini.txt when doing so). Restart Apache for changes to take effect.

The big list of time zones for PHP is here –
For America
For the rest of the World

Setting PHP’s Per-Website TimeZone via VirtualHost

You also have the option of leaving PHP’s global default time-zone on UTC (in php.ini), and changing it per-website…

Edit the website’s HTTP and HTTPS VirtualHost files (select website in WampDeveloper’s Websites Tab, click the VirtualHost buttons to open the files). Then within the <VirtualHost> block, insert –

<IfModule php7_module>
php_admin_value date.timezone "America/New_York"
</IfModule>
<IfModule php5_module>
php_admin_value date.timezone "America/New_York"
</IfModule>

Or use directive “php_value” in the above line instead if you also want to allow the website’s .htaccess files and PHP scripts to further change that value at run-time.

Save the VirtualHost files. Restart Apache.

Note that this will only work if PHP is ran as an Apache module (mod_php), and not as a FCGI process (PHP-FCGI) – because the FCGI process is separate from the Apache process it can’t be configured by it (i.e., php settings can only be set via php.ini and cannot be set by VirtualHost nor .htaccess files).

Setting PHP’s Per-Directory TimeZone via .htaccess

For setting the time-zone per PHP script’s folder/directory…

Edit the location’s .htaccess file and add in the proper “php_value” setting (note that you can’t use “php_admin_value” in .htaccess files) –

<IfModule !fcgid_module>
php_value date.timezone "America/New_York"
</IfModule>

Save the .htaccess file. There is no need to restart Apache after .htaccess edits.

This is the more portable way of setting the proper PHP values for your websites and scripts, but as mentioned previously, setting directives in .htaccess files only works under mod_php and does not work under PHP-FCGI.

Setting PHP’s Per-Script TimeZone via Code

Use the PHP function ini_set() to set your run-time values in script code…

ini_set("date.timezone", "America/New_York");

This is a good option if you are running PHP-FCGI, or are unable to make changes to php.ini, or can’t edit the website’s VirtualHost and .htaccess files.

date.timezone

It is important to always have a data.timezone value set. Otherwise, with this value undefined, PHP will:

1. Generate an error/warning for every time the date() and getdate() functions are called.

PHP Notice: in file /index.php on line x: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function.

2. Attempt to guess which timezone to use via OS settings, environment variables, and algorithms. In some cases this can negatively impact server performance by a factor of 2-5x (especially PHP 5.3 on Windows)!

Apache Crash Recovery

Automatically Restart Apache

If Apache crashes and does not restart by itself, you can make Windows restart it automatically.

Use Windows’ Service Recovery abilities to restart Apache on each crash…

Click the Services button in WampDeveloper’s System Tab, select the Apache Service (double-click it), in its Properties go to the Recovery tab, select to restart this service on each crash:

First failure: Restart the Service
Second failure: Restart the Service
Subsequent failures: Take No Action

Reset fail count after: 1 (days)

Everything else should be de-selected.

“Service Recovery” only works when the service exits unexpectedly, otherwise this won’t work.

Note that when Apache exits with status code 255, it restarts automatically without having to have Windows Services Manager restart it:

> [Sun Oct 30 13:28:15 2013] [notice] Parent: child process exited with status 255 -- Restarting.
> [Sun Oct 30 13:28:16 2013] [notice] Apache/2.2.20 (Win32) mod_ssl/2.2.20 OpenSSL/0.9.8r configured -- resuming normal operations

WampDeveloper’s Apache log file:
C:\WampDeveloper\Logs\Apache\httpd.host.errorlog.txt

PHP Extensions

If you experience Apache crashing every couple of days, try disabling the APC or eAccelerator PHP opcode module…

Edit file:
C:\WampDeveloper\Config\Php\php.ini

Near the end, comment out the entire “[APC]” or “[eAccelerator]” section by inserting a “;” at the beginning of each line in that section.

Save file. Restart Apache.

Also do the same for XDebug and any other PHP extensions listed at the end of php.ini.

Apache Settings

Edit file:
C:\WampDeveloper\Config\Apache\extra\httpd-mpm.conf

Comment out this line (add a # infront)-

ThreadStackSize 4194304

Apache’s default ThreadStack size is very low on Windows (1MB or less), and is 8MB on Linux. WampDeveloper attempts to set this to 4MB as some webapps and PHP scripts that where developed on Linux assume too much and might require additional memory.

Other times a large value here can have consequences that will result in Apache segmentation faults when a webapp (such as WordPress) starts to receive moderate amounts of connections/traffic.

Fixing SSL / HTTPS connections not reaching correct website for Windows XP users

When someone on a Windows XP system, or even using an older version of IE, goes to the SSL/HTTPS URL of your Apache or WampDeveloper hosted website, they might get a warning by their browser that the SSL Certificate does not match the website and/or get the wrong website. And in some situations this might also happen on recent OS versions (Vista, 7, etc).

To fix this –

Bind your website to the server’s public IP address. Only the SSL VirtualHost needs binding, the regular HTTP VirtualHost does not…

Edit the website’s SSL/HTTPS VirtualHost file (select website in WampDeveloper’s Websites Tab, then click the SSL VirtualHost button).

Change –

<VirtualHost *:443>

To –

<VirtualHost server's.public.ip.address:443>

You can locate the Public IP address of your system in WampDeveloper’s System Tab.

For local-network only websites use the LAN IP address instead (see System Tab for IPv4 values).

Save file. Restart Apache.

If you only have 1 IP address assigned to your server, you can do the above without any issues as long as you’re okay with this website now answering *all* SSL/HTTPS requests that come in on that specific IP address, regardless of which website they are for. Otherwise, you’ll need to bind each website’s SSL VirtualHost to a separate and unique IP address.

This happens because –

The client OS and Browser must support SNI (Server Name Indication) for *multiple SSL websites running on the same 1 IP address* to work – vs. having to dedicate a separate IP address for each website.

If they don’t, you’ll just get back WampDeveloper’s “DefaultWebsite” (usually localhost) with it’s fake/bogus self-signed Certificate, which will always mis-match the correct website’s domain-name.

Unless the request is originating on XP, or an older version of IE, this isn’t usually an issue. But this problem can also arise with some IE settings being turned off on Vista, Windows 7, etc:

Make sure TLS (needed by SNI) is turned on for IE on the system the request is coming form (it is by default – but some programs like McAfee mess it up); have the client go to:

Control Panel > Internet Options/Settings > Advanced

In Security Group, make sure this is check-marked:

Use TLS (and SSL)

Then have the client restart IE.

Running Websites on Non-Standard Ports

These instructions will enable you to access your website externally via a port other than 80 (which might be blocked by your ISP).

Note that when using non-standard ports such as 8081 to host your website, to access your website you’ll need to specify the port number in the URL –
http://www.example.com:8081/

Edit VirtualHost

Select your website in WampDeveloper’s Websites Tab, click the HTTP VirtualHost button.

Replace this…

<VirtualHost *:80>

With this…

Listen 8081
NameVirtualHost *:8081
<VirtualHost *:8081>

Remove Redirect Rules

Then comment out (#) or remove the “Domain Alias to Primary Domain” redirect lines (if they are present), which are similar to these lines…

# Redirect all ServerAlias(es) to main domain
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^/*(.*)$ http://www.example.com/$1 [R=301,NC]

Save the VirtualHost file. Restart Apache.

Open and Route New Port

Sine you are probably doing this to open access to your server from outside, you’ll need to:

1. Open the new port in your Windows Firewall for incoming TCP requests.

2. And make sure your Router has the proper port-forward rules in place to forward WAN:port to LAN:port traffic, or the requests will never reach the proper LAN server.

Notes

1. If Apache won’t start, run from the command line (click Command Line button in System Tab):
httpd -n "Apache2" -t

Or if Apache service name is the default “Apache2.4″ or “Apache2.2″, then just:
httpd -t

2. From now on, you should not enable the ‘Forward To Primary Domain – All Aliases’ option for this website (in website’s Settings), as the above redirect lines might not work correctly for port specified URLs (*edit: now fixed in WampDeveloper v4.2.0.0 and above).

3. Also note that some parts of WampDeveloper might not been fully configured for running on non-standard ports; this could cause a few minor issues.

*Edit: WampDeveloper v4.2.0.0 and above now contains new Domain Aliases to Primary Domain Redirect rules that preserve port numbers, and it should not be necessary to comment-out or remove those rules/lines.

Installing WAMP on Windows 8 (and Windows Server 2012)

Before installing a WAMP server such as WampDeveloper Pro on Windows 8 (and Server 2012), you will need to unblock the Windows Hosts file, disable some extra port 80 Services, and clear IE settings that deal with browsing local sites (the “Intranet” Zone).

Exclude the Windows Hosts file in Windows Defender

Windows Defender will block the Windows Hosts file from modifications by detecting and then reverting any changes made.

Open Windows Defender
Settings
Excluded files and locations
File locations: (type in...)
C:\Windows\System32\drivers\etc\;
Click Add, and then Save changes.

*If you are using Kaspersky instead of Windows Defender, you will still have to exclude the Hosts file path under Kaspersky.

Exclude the WampDeveloper application from Anti-Virus Checks

Antivirus software such as BitDefender can quarantine or block actions of applications such as WampDeveloper, and Apache + PHP + MySQL.

1. Add wampdeveloper.exe to the list of Excluded programs (processes):
C:\WampDeveloper\WampDeveloper.exe

2. Exclude the entire WampDeveloper folder if possible:
C:\WampDeveloper\

*Failure to do so can often manifest in WampDeveloper not being able to update the Windows Hosts file (and your websites’ domain-names not working). Or Apache + PHP + MySQL issues.

Disable Services that Interfere with Apache

Stop and disable Windows 8 (and Server 2012) Services that prevent Apache from binding to port 80…

You can do this from either –
A) Services Manager – run services.msc
B) Command line – open command-line via WampDeveloper’s System Tab; OR locate cmd.exe, right click it, and select “Run As Admin”.

(the order you do this can be important)
(the space you see after “start=” is important)

From Services Manager

SQL Server Reporting Services (ReportServer)
Web Deployment Agent Service (MsDepSvc)
BranchCache (PeerDistSvc)
World Wide Web Publishing Service (W3SVC)
Internet Information Server (WAS, IISADMIN)
Sync Share Service (SyncShareSvc)
[HTTP / HTTP.SYS] (HTTP)

*See how to disable the “HTTP” Service.

From Command-Line

Or from the command-line execute these commands to stop and disable the Services –

net stop ReportServer /y
sc config ReportServer start= disabled

net stop MsDepSvc /y
sc config MsDepSvc start= disabled

net stop PeerDistSvc /y
sc config PeerDistSvc start= disabled

net stop SyncShareSvc /y
sc config SyncShareSvc start= disabled

net stop WAS /y
net stop W3SVC /y
sc config W3SVC start= disabled

net stop HTTP /y
sc config HTTP start= disabled

You might not have some of these Services installed nor running, so some commands might output errors.

Other Applications that Interfere with Apache

Skype, TeamViewer, VMware Host Agent service, and other applications often default to taking port 80 and 443. Most can be configured to use other ports.

Opening Up Port 80 For Apache to Use On Windows

Enable IE Intranet Browsing

On Windows 8, IE now restricts some types of local browsing (localhost, LAN IPs, etc).

In IE Settings / Internet Options

  • Advanced > Security section – deselect “Enable Enhanced Protected mode”.
  • Security > Local intranet icon – deselect “Enable Protected Mode”.

If this does not help, add each new site’s URL (http://domain.name + https://domain.name + aliases) to the Sites list of the Local Intranet zone.

How to Enable Intranet Browsing in IE10
Security zones: adding or removing websites
Removing IE’s Compatibility view settings for Intranet sites

Enabling Online and Internet Access of Websites For WAMP Server

Apache under most WAMP servers does not block internet access to any websites by default, and does not require additional configurations to enable outside and external access of websites.

If your websites are not reachable from the internet, and the request times out in your Browser (e.g., you get a blank screen), then those requests were not able to reach Apache…

Update DNS Records

Make sure your domain name resolves to your Public IP address. You can get this IP address from multiple websites (google: whats my IP), and it will also be displayed in your Router’s settings.

You’ll need to use your Registrar’s (GoDaddy, Namecheap, etc) DNS system and set up an “A” record to resolve your domain name to your Public IP address for both the “www” and “@” parts (“@” means base-domain).

Be aware that DNS changes can take 30 minutes to be implemented by the Registrar’s system, and then another 30 minutes to fully propagate to the ISP level, but usually the changes are in effect after 5-30 minutes.

* If using WampDeveloper Pro, click the Public IP address button in System Tab to display your Public IP address. Also note that WampDeveloper’s “Local DNS” feature is purely for local use, and will not enable or affect outside DNS.

Assign Domain Name or IP Address to Website

Make sure this Apache hosted website has a DNS-resolved domain-name (ex: www.example.com) set as its Primary Domain Name:
VirtualHost: ServerName www.example.com

And if accessing this website directly via the IP address, the IP address set as one of its Domain Aliases:
VirtualHost: ServerAlias example.com 192.168.1.101 and.public.ip.address.here

Also, if you are accessing this website via a Domain Alias such as the IP address, make sure that all ‘redirects’ from Domain Aliases back to Primary Domain Name are turned Off, or you’ll get redirected back to the Primary Domain Name which might not even be registered/real, nor have the needed DNS records set up for it. Check the website’s HTTP and HTTPS (SSL) VirtualHost files and the .htaccess file for any relevant Redirect lines or RewriteRule lines.

* If using WampDeveloper Pro, to disable redirects, select your website in Website’s Tab, and de-select: Forward To Primary – All Aliases.

Open Windows Firewall for Ports 80 and 443

Your Windows Firewall (native, comes with the OS) will block all incoming port 80 (HTTP) and 443 (HTTPS) requests by default.

You’ll need to open ports 80 and 443, for both TCP and UDP packets.

Open the Windows Firewall (with full interface) by running WF.msc, select “Inbound Rules”, then “New Rule…”, Port, and fill in the proper info.

Also delete any blocking “Apache HTTP Server” Inbound Rules that you see. These rules are automatically created by the Firewall when a new version of Apache is started for the first time.

* If using WampDeveloper Pro, click the “Firewall” button in System Tab to open the Windows Firewall in full mode.

McAfee, Norton, and Other Firewall and Anti-Virus Software

Most firewall and anti-virus software will also block incoming requests on ports 80 and 443 by default.

See How to configure McAfee Personal Firewall to allow inbound connections on specific ports.

Port Forward Ports 80 and 443 in Router

Port-forward ports 80 (HTTP) and 443 (HTTPS) in Router (if you’re using one).

If your WAMP server is under a typical WiFi router/modem home setup, you’ll need to login into the Router (ex: http://192.168.1.1, username or password: admin), and create a “port-forward” entry for port 80 and port 443 to the LAN IP of the server.

To find the system’s LAN IP, open the command-line by running cmd.exe, and execute command: ipconfig

Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::xxx
   IPv4 Address. . . . . . . . . . . : 192.168.1.17
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

The LAN IP is the “IPv4 Address” of the “Connection”, and it’s usually something similar to “192.168.1.100” (but can also be of the form 172.16.x.x or 10.x.x.x).

Also, your Router might re-assign the local LAN IP (not to be confused with the Public IP) from time-to-time to another LAN device/system unless you configure it to keep assigning the same LAN IP to the same computer (by assigning the LAN IP only to the computer that has a specific MAC address).

Without the “port-forward” rules, the requests coming in on those ports will never reach Apache because the Router is 1) assigned by the ISP the Public IP address (since it’s the first device on the network), and 2) will not know what to do with those incoming requests – to which LAN IP to forward them to.

* If using WampDeveloper Pro, the LAN IP is displayed in System Tab.

Check ISP Blocking of Incoming Port 80 Requests

Make sure your ISP (Internet Service Provider) does not block incoming ports 80 and 443.

Some ISPs might block incoming ports due to abuse, hacking, and spam issues on their networks. Sometimes you can call in and get them to open those ports for your account (sometimes for a fee, sometimes via a tech level-up, and almost always if switched to a business account).

Though most of the time when they say they are not blocking incoming port 80, in reality they are.

You can check port 80 and your website externally by using this proxy…
http://anonymouse.org/anonwww.html

It’s a free anonymous browsing service that will proxy the request using different external servers throughout the world.

It’s a bit slow, but if you get the message “Error – Timeout” eventually, the request was not able to reach your server.

If your ISP is blocking port 80, run the website on a different port.

Other Issues

When accessing your WAMP server from outside, if you receive a 404 / “Not Found”, a 403 / “Forbidden”, or some other error code / message, then the request did reach Apache. And the issue is not with online access, but with something else that has to do with Apache’s configuration for this website.

Security

WampDeveloper is secured and ready for production deployment out-of-the-box.

There are just a couple of things to be aware of…

MySQL Accounts

While MySQL can only be access directly from the local system (it’s bound to 127.0.0.1), it can be accessed indirectly via any phpMyAdmin URL –
http://domain.name/phpmyadmin

The indirect access is currently secured this way:

File: C:\WampDeveloper\Tools\phpMyAdmin\config.inc.php

$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(

	// deny everyone by default
	'deny % from all',

	// allow all users from the local system
	'allow % from localhost',
	'allow % from 127.0.0.1',
	'allow % from ::1',

	// allow all users from the server IP (commented out)
	// 'allow % from SERVER_ADDRESS',

	// allow user root from local system
	'allow root from localhost',
	'allow root from 127.0.0.1',
	'allow root from ::1',
	
	// allow user root from local network
	// note - WD v5.0 has this un-commented
	//'allow root from 10.0.0.0/8',
	//'allow root from 172.16.0.0/12',
	//'allow root from 192.168.0.0/16',
	//'allow root from fe80::/10', // IPv6 Link-local Addresses
	//'allow root from fc00::/7', // IPv6 Unique Local Addresses

	// add more usernames and their IP (or IP ranges) here -

	);

A) The user “root” has *no password set*, but this account is restricted and can *only* be accessed from the local system under WampDeveloper 5.1), and under WampDeveloper v5.0 from the local network also (as listed above). *If you do set the password for this account, do so for all root accounts (host: localhost, ::1, 127.0.0.1) and update file WampDeveloper.xml with the new password.

B) All other users are also either restricted to local access only, or just denied access all-together (as above). *To open this up, you have to edit the above file and set the proper permissions in the above code (example: ‘allow user-name-here from 127.0.0.1′).

C) There is sometimes 1 MySQL account called “Any” which does allow anyone that can get to MySQL to see (but not modify) the databases. You can safely delete this account if it exists.

AWStats Website Analytics/Statistics

Website statistics can be accessed by anyone from the local network.

Current Settings…

File(s):
C:\WampDeveloper\Tools\awstats\wwwroot\cgi-bin\awstats.www.example.com.conf
(*substitute your domain name for www.example.com)

 
AllowAccessFromWebToFollowingIPAddresses="127.0.0.1 10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255"

Directory Index

Each publicy accessable directory that does not contain an index.html or index.php file, will default to displaying an “Index” (auto generated file + directory listing) of that location. To remove “Indexes”…

Add into each website’s top-level .htaccess file, line –

Options -Indexes

VirtualHost, htaccess, and Other Templates

The C:\WampDeveloper\Resources folder contains templates that are used for each new website’s VH (HTTP and SSL) and .htaccess files when a website is created/added. You can edit these templates to meet your specifications.

Securing PHP against 99% of the attacks

Disable most commonly exploited PHP functions

php.ini –

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

This will stop most of the exploits that would try to execute something on the system, without preventing normal scripts and webapps from working.

Restrict opening of files in scripts

Website VirtualHost(s) –

<IfModule mod_php5.c>
    php_admin_value open_basedir "C:/WampDeveloper/Temp;C:/WampDeveloper/Websites/domain.name/webroot/"
</IfModule>

This will restrict the locations that can be opened by PHP’s include(), require(), fopen() and other similar functions – to the website’s specific DocumentRoot folder and the general Temporary directory.

By using php_admin_value you are also preventing open_basedir from being reset via .htaccess files and at runtime via ini_set().

http://www.php.net/manual/en/ini.core.php#ini.open-basedir

Note that using open_basedir comes at a cost –

1. You will not be able to modify php.ini’s “realpath_cache_size” value (modified for performance tuning).

2. “php_value” and “php_admin_value” can only be used under mod_php. These directives cannot be used under PHP-FCGI / mod_fcgi (will produce ‘500 Internal Server’ error).

3. “open_basedir” cannot be set under PHP-FCGI (mod_fcgi) per VirtualHost file. Under PHP-FCGI, php.ini has to be modified with a global-scope path that will be shared among all websites / VirtualHosts.