Installing StartCom’s StartSSL SSL Certificates for Apache (on WAMP)

Before proceeding, if you have downloaded or received a zip file that contains all the various certificate and key files, you should – right click the zip file, select Properties, and click “Unblock” (if that is displayed, otherwise Windows won’t let you use some of the files after unzipping).

Extract/place the provided files into the website’s certs folder –


If the Private Key (ssl.key) was generated by StartCom for you, you’ll need to remove the password that is set on it (as it’s not needed, and also Apache on Windows cannot use password protected Keys) –

openssl rsa -in ssl.key -out ssl.key

This will ask you for the password, remove it from the key, and save the key back into the same file.

Create the Bundle file that packages all intermediate certificates (as 1_root_bundle.crt, but only if this file has not been already provided)…

copy /B intermediate.crt + root.crt 1_root_bundle.crt

This will create a bundle file named “1_root_bundle.crt” containing the needed CA (Certificate Authority) intermediate certificates which establish the chain between your public certificate up to the root CA certificate.

Then update the website’s SSL VirtualHost file with –

SSLCertificateFile "C:/WampDeveloper/Websites/"
SSLCertificateKeyFile "C:/WampDeveloper/Websites/"
SSLCertificateChainFile "C:/WampDeveloper/Websites/"

Usually nothing more needs to be changed in the VirtualHost (as WAMPs such as WampDeveloper Pro have all other parts of SSL pre-configured).

Save the VirtualHost file and restart Apache.

How to enable cURL and curl_exec in PHP

Client URL library (cURL) is not enabled in this server. cURL is needed to perform URL fetching.

curl_exec() function is disabled in this server. This function must be enabled in php.ini

The PHP extension “cURL” is enabled (usually by default) in php.ini –


But it is also possible to disable individual functions, such as curl_exec(), in php.ini (“disable_functions” cannot be set in VirtualHost nor .htaccess files).

For example, php.ini might be using disable_functions to disable curl_exec() from being used –

disable_functions =  ...,curl_exec,...

If this is the case, the website’s PHP and HTTP error log files will contain this warning –

Warning: curl_exec() has been disabled for security reasons

Edit the value of “disable_functions” to remove “curl_exec”, save php.ini, and restart Apache.

Enabling Mass Virtual Hosting

Mass Virtual Hosting allows you to automatically create 100s of websites by simply creating a “” folder. Each of these folders represent the DocumentRoot of a website.

You do not have to create any VirtualHost files, you do not have to restart Apache, you do not have to interact with your server.

This works well for command-line, and scripted/automated, creation and deletion of websites.

Enable Mass Virtual Hosting

To enable Mass Virtual hosting:

1. Load the Dynamic Mass Virtual Hosting configuration into Apache by editing file Config\Apache\httpd.conf and un-commenting line:

Include C:/WampDeveloper/Config/Apache/extra/wampd-vhosts-mass.conf

2. Remove the wildcard “*” ServerAlias entry from the LOCALHOST VirutalHost files:


Otherwise localhost will catch (and respond to) all the unassigned mass domain names.

Create New Website

To create a new website, simply create a new folder:


Make sure that the domain name is resolved to an IP address via DNS or the Hosts file.


1. WampDeveloper Pro does not generally interact with these websites.
a) Websites Tab does not see these websites.
b) LocalDNS is not updated for these websites. You will need to manually update the Windows Hosts file to resolve to

2. All logs go into one master/global log file.
a) Websites logs cannot be segmented into individual files: per domain or sub-domain. Log entries ARE formatted with the correct Virtual Host [sub.domain.tld] fields.

3. The normal fallback/default website (localhost) will no longer get used for non-defined (*) ServerName and ServerAlias.

4. All sites share a common \cgi-bin folder.

5. All sites share the same “outside webroot” folders (ex: \certs, \private, etc).

6. All sites share the same SSL certificate, which will need to be a wildcard cert or have multiple SAN (subjectAltName) entries.

7. Each website has only 1 domain name. For domain aliases, you will need to create a new website folder with an .htaccess file containing a redirect line: “Redirect /”


1. PHP and all other configurations are inherited due to use of the standard webroot path/structure:

Installing mod_cloudflare Apache Module To Get Real Visitor IP Addresses

If your Apache server is using CloudFlare for security, or to take advantage of their CDN network, you’ll notice that all client requests now come-in from CloudFlare IP addresses – and the real visitor IP address is hidden.

This creates problems as you can no longer do IP based access controls (big problem!), and also you no longer have correct access logs of your visitors. There are also other issues with rewrite rules, various scripts, configurations, and web applications.

mod_cloudflare fixes the issues by restoring the real IP of each connection. It will provide Apache and PHP with the original client IP address.

But there is a twist to all this, as you don’t really want to use a 3rd party Apache module (mod_cloudflare) when there is already a perfectly good native solution… Apache’s mod_remoteip will do the same job as mod_cloudflare, except even better.

mod_remoteip will pull the original client IP address from the CF-Connecting-IP Header provided in each CloudFlare-based request, and use it as-so (after doing some verification).

The full configuration for mod_cloudflare/mod_remoteip is provided by WampDeveloper Pro, and can be loaded into Apache by un-commenting the loading of wampd_cloudflare.conf in httpd.conf.

For everyone else, here is the full CloudFlare configuration for Apache:

# WampDeveloper Pro CloudFlare Integration

# mod_remoteip configuration documentation -
# CloudFlare IP Ranges from -

# To use, just enable your domain name in your CloudFlare account.
# This module and configuration will correctly report the client's true IP / Remote IP (instead of the Proxy IP)
# This fixes issues with web applications, scripts, access and rewrite configurations, and logs

<IfModule !mod_remoteip.c>
	LoadModule remoteip_module modules/

<IfModule mod_remoteip.c>
	# CloudFlare Header
	RemoteIPHeader CF-Connecting-IP
	# Trusted Proxy List
	# note - using RemoteIPTrustedProxy instead of RemoteIPInternalProxy
	# note - RemoteIPTrustedProxy does NOT trust Header provided private intranet addresses (local and LAN addresses)
	# note - RemoteIPInternalProxy is a security risk when using an external Proxy
	# CloudFlare IPv4 Address Ranges
	# CloudFlare IPv6 Address Ranges
	RemoteIPTrustedProxy 2400:cb00::/32
	RemoteIPTrustedProxy 2405:8100::/32
	RemoteIPTrustedProxy 2405:b500::/32
	RemoteIPTrustedProxy 2606:4700::/32
	RemoteIPTrustedProxy 2803:f800::/32

With correcting Apache’s reported client IP, and PHP’s reported $_SERVER['REMOTE_ADDR'], this also secures the process by only trusting the Header-provided IP data from only the CloudFlare servers IP range.

Accessing Remote Databases Using Local PhpMyAdmin

Accessing and managing a remote MySQL database from a “localhost” phpMyAdmin is very simple.


Four things are required –

1. The remote MySQL server must be listening on a publicly accessible IP address (usually my.ini has MySQL bounded to – which will not see outside connections). Some cloud-based VM providers might also require you to connect public:3306 to private:3306 (i.e., “endpoints” on Azure).

2. The remote MySQL user account has to have its ‘Host’ field set to either “%” (means any IP can connect) or to your public IP address. This account also has to have at least the minimum set of permissions (‘SELECT‘ vs. ‘ALL‘) granted on the database(s) you need access to (e.g., GRANT ALL PRIVILEGES ON `database`.* TO 'user-name'@'%';).

3. The remote server’s firewall should be configured to allow inbound and outbound port 3306 TCP connections.

4. The local computer needs to have a fully working phpMyAdmin environment installed (such as WAMP-Developer Pro).

Connecting phpMyAdmin to Remote Server

Edit phpMyAdmin’s configuration file (\WampDeveloper\Tools\phpMyAdmin\, and at the end of it, before the ending ?> line, add in –

/* Remote Server */
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['host'] = '';
$cfg['Servers'][$i]['verbose'] = 'Remote Server Name';
$cfg['Servers'][$i]['user'] = '**********';
$cfg['Servers'][$i]['password'] = '**********'; 
$cfg['Servers'][$i]['hide_db'] = '^(mysql|performance_schema|innodb|information_schema)$';

Update for the host (address of remote server), server name (can be anything – used as display name), and the MySQL’s account user + password info. Do not modify anything else in the file. Save file.

Afterwards –

Access the localhost phpMyAdmin:

Login with user:


Select from the “Current Server” drop-down:

Remote Server Name

phpMyAdmin will do the rest, using the provided info to establish a connection to the remote host/server, and manage the remote database(s) as if they where local.

phpMyAdmin Remote Server

phpMyAdmin Remote Database

Parsing .HTML and .HTM Files as PHP (with htaccess)

To have Apache run .html and .htm files through PHP, add this configuration into the website’s .htaccess file.

AddType text/html .htm .html

# For mod_php5 and mod_php7
<IfModule !fcgid_module>
	AddHandler application/x-httpd-php .htm .html

# For mod_fcgid
<IfModule fcgid_module>
	AddHandler fcgid-script .htm .html
	FcgidWrapper "C:/WampDeveloper/Components/Php/php-cgi.exe" .htm virtual
	FcgidWrapper "C:/WampDeveloper/Components/Php/php-cgi.exe" .html virtual

This will work for both mod_php and mod_fcgid.

Use the correct path in the FCGIWrapper .../php-cgi.exe lines.

WAMP Apache Won’t Start on Windows 10

With everyone taking the Windows 10 upgrade, this question has been coming up often…

I recently upgraded to Windows 10, and as a result WAMPDeveloper’s Apache service won’t start. It produces the following error message:

Error (OS 10013) An attempt was made to access a socket in a way forbidden by its access permissions. :AH00072: make_sock: could not bind to address [::]:80
(OS 10013) An attempt was made to access a socket in a way forbidden by its access permissions. :AH00072: make_sock: could not bind to address
AH00451: no listening sockets available, shutting down
AH00015: Unable to open logs

The problem is that Windows 10 now comes with several extra Services that take port 80 (HTTP) and 443 (HTTPS), which Apache needs to start.

If Apache will not start (due to the above binding/socket/port issue), then one of these two Services is running on Windows 10.

  1. Web Deployment Agent Service (MsDepSvc)
  2. IIS / World Wide Web Publishing Service (W3SVC)

These services are not needed for Windows functionality and can be safely disabled.

Run ‘services.msc’, select the service, click to stop it, and then change its Startup Type from “Automatic” to “Disabled”.

If you are still not able to start Apache, check the bigger list of services that prevent Apache from starting.