Tag Archives: FAQ

Wamp-Developer Server FAQ

Installing Comodo PositiveSSL Certificate Bundled with Root and Intermediate CA Certificates on Apache

The problem with basic domain-validation certificates is they tend to have multiple “Intermediate CA” certificates that have to be bundled together and included into the setup, and the provided instruction on how to use those 3 additional certificate files is often missing, outdated, or just wrong. I think this is done by design, to get you to spend more on the more expensive extended validation certs (that don’t need multiple intermediary certs).

Aside from that, the basic low-end “domain validation” certs win on 3 fronts:

  • They cost $10 instead of $300.
  • They are very easy to get since the “validation” step (to prove who you are) is basically opening an email sent to the domain name (admin@domain.name) and clicking the provided link.
  • They tend to have faster/more-responsive page load times, since the Browser does not download the Certificate Revocation List (CRL) or perform a check of the certificate status (via OCSP), either of which can add an additional .5-2 seconds before the page is displayed (this is why Amazon does not use an EV “green bar” cert).

Here is how to install the most common certificate on the market, the Comodo PositiveSSL Certificate bundled with Root and Intermediate CA Certificates on Apache.

These instructions can be used on WampDeveloper Pro, on any other WAMP (Xampp, WampServer, etc) or Apache setup, and on Linux – with just some path changes. The fictitious domain used in this example is www.example.com.

Open the command line with elevated privileges (e.g., right-click cmd.exe and select ‘Run as admin’). And change to the website’s \certs folder:

cd \WampDeveloper\Websites\www.example.com\certs\

1. Generate a 2048 bit private key named www_example_com.key.

openssl genrsa -out www_example_com.key 2048

2. Generate a Certificate Signing Request (csr) file named www_example_com.csr.

openssl req -new -sha256 -key www_example_com.key -out www_example_com.csr -config C:\WampDeveloper\Config\Apache\openssl.cnf

* Update the above line with the correct openssl “-config ...” path… On your WampDeveloper installation, update path for your drive letter. On other WAMPs, update the full path. And on Linux, leave that part out.

For “Common Name” enter:

For all other fields enter:

The “.” means empty / no value. Because you are purchasing a simple “domain validation” certificate, all other fields will get erased.

* If you specify the “www” host on the domain.name (as above), Comodo will issue the certificate for both: www.example.com and example.com

3. Open the “Certificate Signing Request” file www_example_com.csr and copy/paste its entire (full) contents into the proper box when activating the SSL Certificate you have purchased.

4. After the confirmation process, you’ll receive an email with an attached zip file named “www_example_com.zip”.

  1. Save this file to some location.
  2. Right click this file, select Properties. Click button: Unblock (or Windows won’t allow you to extract the certs due to security issues).
  3. Extract the contents of the zip into the website’s \certs folder.

5. Create the CA (Certificate Authority) Intermediate Certificates Bundle file:

copy /B COMODORSADomainValidationSecureServerCA.crt + COMODORSAAddTrustCA.crt + AddTrustExternalCARoot.crt PositiveSSL.ca-bundle

For Linux, this command would instead be:

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > PositiveSSL.ca-bundle

This will create a file named PositiveSSL.ca-bundle containing the 3 CA (Certificate Authority) intermediate certificates, all in the proper order (that Apache + mod_ssl / openssl expect).

Each of the above intermediate certificates basically validates the one next to it (though in reverse order as stored in the file).

The authority chain starts with the root CA certificate that your Browser has on file, goes through all the provided CA intermediate certs, and finally ends with the public certificate file.

The actual validation check happens in the reverse order, starting with the public cert and going up, but that is not important except to note it is the reason for the “reverse” order of how the intermediate certs are stored in the bundle file.

6. Configure the website’s SSL VirtualHost file to use the private key, public certificate, and the bundled intermediate certificates chain file.

Edit the website’s SSL VirtualHost file:

Update existing SSLCertificateFile and SSLCertificateKeyFile paths with the proper file names. And add in the SSLCertificateChainFile directive + path.

SSLCertificateFile "C:/WampDeveloper/Websites/www.example.com/certs/www_example_com.crt"
SSLCertificateKeyFile "C:/WampDeveloper/Websites/www.example.com/certs/www_example_com.key"
SSLCertificateChainFile "C:/WampDeveloper/Websites/www.example.com/certs/PositiveSSL.ca-bundle"

Save VirtualHost file.

7. Restart Apache.

Check your website -
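Before restarting Apache, the bundle order described in step 5 can be checked offline. The following is an added example, not part of the original instructions or of WampDeveloper: it compares only the issuer and subject names of each certificate (no signature, date or key checks), the function names are assumptions of the example, and the sample data is a set of constructed DER skeletons with made-up names, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_certs(text):
    """Return the DER bytes of every certificate in a PEM file, in file order."""
    return [base64.b64decode(body) for body in PEM_RE.findall(text)]


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = byte count
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length


def subject_and_issuer(der):
    """Return the raw (subject, issuer) Name encodings of one certificate."""
    _, pos, _ = read_tlv(der, 0)           # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(der, pos)         # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    fields = []
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        _, _, end = read_tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[4], fields[2]


def check_bundle_order(server_cert_pem, bundle_pem):
    """List ordering problems; an empty list means the order is as expected.

    Entry 0 is the server certificate, entries 1..n are the bundle in file
    order. Names are compared byte for byte; nothing else is verified.
    """
    chain = pem_certs(server_cert_pem)[:1] + pem_certs(bundle_pem)
    names = [subject_and_issuer(der) for der in chain]
    problems = []
    for i in range(len(names) - 1):
        if names[i][1] != names[i + 1][0]:     # issuer of i vs subject of i+1
            problems.append(f"entry {i} was not issued by entry {i + 1}")
    # The bundle built in step 5 ends with the root, which is self-signed.
    if names and names[-1][0] != names[-1][1]:
        problems.append("last entry is not a self-signed root")
    return problems


# --- Constructed sample data: DER skeletons that carry only the name fields.
def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body


def name(cn):
    # Name with a single commonName (OID 2.5.4.3) attribute
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))


def skeleton(subject, issuer):
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
           + tlv(0x30, b"") + name(issuer) + tlv(0x30, b"") + name(subject))
    der = tlv(0x30, tlv(0x30, tbs))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")


SERVER = skeleton("www.example.com", "Sample DV CA")
DV_CA = skeleton("Sample DV CA", "Sample Cross-Signed CA")
CROSS_CA = skeleton("Sample Cross-Signed CA", "Sample Root")
ROOT = skeleton("Sample Root", "Sample Root")

GOOD_BUNDLE = DV_CA + CROSS_CA + ROOT      # same order as the copy/cat in step 5
BAD_BUNDLE = ROOT + CROSS_CA + DV_CA       # same files, reversed

if __name__ == "__main__":
    print("good bundle:", check_bundle_order(SERVER, GOOD_BUNDLE))
    for problem in check_bundle_order(SERVER, BAD_BUNDLE):
        print("bad bundle:", problem)
```

To run it against real files, pass the text of www_example_com.crt and PositiveSSL.ca-bundle to check_bundle_order().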


WampDeveloper Pro v4 Download Links

The last WampDeveloper Pro v4 releases can be downloaded here:

* The “delta” release can just be extracted right over the installation (overwrite everything + make sure WampDeveloper.exe is not running / open). It’s a package of 10 or so DLL files and the WampDeveloper exe file… That fixes a couple of minor bugs (mostly registration bugs).

Load Testing Apache with AB (Apache Bench)

The only productive way to load test an Apache or WAMP (such as WampDeveloper Pro) web-server is to test a real-world page that itself performs -

  • Loading and processing of multiple PHP files.
  • Establishment of multiple MySQL connections, and performing multiple table reads.

This is the minimum, because the test of an almost empty and static page (used by most examples) tells us nothing about how the different parts of a web-server hold up under stress, nor how that web-server setup will handle real-world concurrent connections to websites running on web-apps such as WordPress.

* Ideally, this test would also a) perform GETs of all page assets (css, js, images) and b) simulate traffic of which 10% is DB writes (we’ll skip this because it’s more complicated to set up).

Using AB

Luckily, this type of test is very easy to do in a quick (and somewhat dirty) way by using Apache’s ab (Apache Bench) application (that’s included with each Apache version in its \bin directory).

This ab test won’t be the most extensive test, and it comes with its own caveats, but it will quickly show you -

  • If there is an immediate problem with the setup (this problem will manifest itself in Apache crashing).
  • How far you can push the Apache, PHP, and MySQL web-server (with concurrent connections and page request load).
  • And what Apache and PHP settings you should modify to get better performance and eliminate the crashes.

AB Issues

There are some problems with ab to be aware of -

  • ab will not parse HTML to get the additional assets of each page (css, images, etc).
  • ab can start to error out, breaking the test, as the number of requests to perform is increased, more connections are established but not returned, and as the load increases and more time passes (see ab -h for explanation of -r switch).
  • ab is an HTTP/1.0 client, not an HTTP/1.1 client, and “Connection: KeepAlive” (ab -k switch) requests of dynamic pages will not work (dynamic pages don’t have a predetermined “Content-Length: value”, and using “Transfer-Encoding: chunked” is not possible with HTTP/1.0 clients).

More on AB and the KeepAlive issue -

KeepAlive – Apache Directive

A Keep-Alive connection with an HTTP/1.0 client can only be used when the length of the content is known in advance. This implies that dynamic content will generally not use Keep-Alive connections to HTTP/1.0 clients.

Compatibility with HTTP/1.0 Persistent Connections – Hypertext Transfer Protocol HTTP/1.1 Standard

A persistent connection with an HTTP/1.0 client cannot make use of the chunked transfer-coding, and therefore MUST use a Content-Length for marking the ending boundary of each message.

Chunked transfer encoding – Wikipedia

Chunked transfer encoding allows a server to maintain an HTTP persistent connection for dynamically generated content. In this case the HTTP Content-Length header cannot be used to delimit the content and the next HTTP request/response, as the content size is as yet unknown.

Request Floods

ab will flood the Apache server with requests – as fast as it can generate them (not unlike in a DDoS attack). AB has no option to set a delay between these requests.

And given that these requests are generated from the same local system they are going to (i.e., the network layer is bypassed), this will create a peak level of requests that will cause Apache to stop responding and the OS to start blocking/dropping additional requests. Especially if the requested page is a simple PHP file that can be processed within a millisecond.

In this context, with ab, the bigger the -c (concurrent number of requests to do at the same time) is, the lower your -n (total number of requests to perform) should be… Even with a -c of 5, -n should not be more than 200.

Expect the behavior of the ab tests to be very non-deterministic under higher concurrent loads, they will fail and succeed randomly. Even a -c of 2 will cause issues.

These are the error messages displayed by ab -

apr_socket_recv: An existing connection was forcibly closed by the remote host. (730054)
apr_pollset_add(): Not enough space (12)

And the dialog displayed by Windows -

When this happens (a message is displayed that Apache has crashed), just ignore it (Apache is still running), and keep repeating the test until “Failed requests:” is reported as “0”, AND “Percentage of the requests served within a certain time (ms)” is about 2-20x between the 50% and 99% mark (and not 200x). Otherwise, the test is not reliable due to the issues that present themselves when ab floods Apache on loopback (and due to how the OS responds to that flood).

This is what you should see on a good test of a simple index.php page…

C:\WampDeveloper> ab -l -r -n 100 -c 10 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/

Benchmarking www.example.com (be patient).....done

Server Software:        Apache/2.4.10
Server Hostname:        www.example.com
Server Port:            80

Document Path:          /
Document Length:        Variable

Concurrency Level:      10
Time taken for tests:   0.046 seconds
Complete requests:      100
Failed requests:        0
Keep-Alive requests:    100
Total transferred:      198410 bytes
HTML transferred:       167500 bytes
Requests per second:    2173.91 [#/sec] (mean)
Time per request:       4.600 [ms] (mean)
Time per request:       0.460 [ms] (mean, across all concurrent requests)
Transfer rate:          4212.17 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.2      0       2
Processing:     1    4   5.9      3      33
Waiting:        1    4   5.9      3      32
Total:          1    4   6.0      3      33

Percentage of the requests served within a certain time (ms)
  50%      3
  66%      4
  75%      4
  80%      5
  90%      6
  95%     22
  98%     32
  99%     33
 100%     33 (longest request)
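The two reliability criteria above (zero failed requests, and a spread of roughly 2-20x rather than 200x between the 50% and 99% marks) can be checked mechanically. This is an added example, not part of ab or WampDeveloper; the function names, the 20x cut-off and the 1 ms floor for a 0 ms median are assumptions of the example, and the second sample run is constructed.

```python
import re

# Trimmed copy of the ab report shown above (only the lines the parser reads).
GOOD_RUN = """\
Complete requests:      100
Failed requests:        0
Requests per second:    2173.91 [#/sec] (mean)

Percentage of the requests served within a certain time (ms)
  50%      3
  66%      4
  99%     33
 100%     33 (longest request)
"""

# Constructed sample: a run distorted by the loopback request flood.
FLOODED_RUN = """\
Complete requests:      100
Failed requests:        7
Requests per second:    41.80 [#/sec] (mean)

Percentage of the requests served within a certain time (ms)
  50%      3
  99%    912
 100%   3015 (longest request)
"""


def parse_ab(text):
    """Extract the fields this article uses from an ab report."""
    def field(pattern, cast):
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"ab output is missing a field: {pattern}")
        return cast(match.group(1))

    percentiles = {int(pct): int(ms) for pct, ms in
                   re.findall(r"^[ \t]*(\d+)%[ \t]+(\d+)", text, re.MULTILINE)}
    if 50 not in percentiles or 99 not in percentiles:
        raise ValueError("ab output has no 50% / 99% percentile rows")
    return {
        "complete": field(r"^Complete requests:\s+(\d+)", int),
        "failed": field(r"^Failed requests:\s+(\d+)", int),
        "rps": field(r"^Requests per second:\s+([\d.]+)", float),
        "p50_ms": percentiles[50],
        "p99_ms": percentiles[99],
    }


def assess(text, max_spread=20.0):
    """Apply the article's two checks and say whether the run can be trusted."""
    run = parse_ab(text)
    # ab reports whole milliseconds, so a very fast page can show 0 at the 50%
    # mark; floor it at 1 ms so the ratio stays defined (assumption).
    run["spread"] = run["p99_ms"] / max(run["p50_ms"], 1)
    reasons = []
    if run["failed"] != 0:
        reasons.append(f"{run['failed']} failed requests")
    if run["spread"] > max_spread:
        reasons.append(f"99%/50% spread is {run['spread']:.0f}x")
    run["reasons"] = reasons
    run["reliable"] = not reasons
    return run


if __name__ == "__main__":
    for label, report in (("good", GOOD_RUN), ("flooded", FLOODED_RUN)):
        result = assess(report)
        verdict = "reliable" if result["reliable"] else "repeat the test"
        print(label, result["rps"], "req/s:", verdict, result["reasons"])
```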

Before Performing The Load Test

Make sure that -

  • You’ve rebooted the system and don’t have anything extra open/running (i.e., YouTube videos playing in your Browser).
  • These extra PHP extensions are not loaded: Zend OPcache, APC, nor XDebug.
  • You wait 4 minutes before performing another ab test to avoid TCP/IP Port Exhaustion (also known as ephemeral port exhaustion).
  • And in a test where KeepAlive works (it doesn’t in ab tests getting dynamic pages), the number of Apache Worker Threads is set to be greater than the number of concurrent users/visitors/connections.
  • If Apache or PHP crashes, you’ve rebooted the computer or VM before performing another test (some things get stuck and continue to persist after Apache and/or mod_fcgid’s PHP processes are restarted).

Start The AB Test

1. Install WordPress as http://www.example.com/blog

2. Open the command-line (cmd.exe).

3. Restart Apache and MySQL, and prime the web-server (with 1 request):
ab -n 1 -c 1 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/blog/

4. Run the Apache Bench program to simulate -

1 concurrent user doing 100 page hits

This is 100 sequential page loads by a single user:
ab -l -r -n 100 -c 1 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/blog/

This shows you how well the web-server will handle a simple load of 1 user doing a number of page loads.

5 concurrent users each doing 10 page hits

This is 100 page loads by 5 different concurrent users, each user is doing 10 sequential page loads.
ab -l -r -n 50 -c 5 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/blog/

This represents a peak load of a website that gets about 50,000+ hits a month. Congratulations, your website / business / idea has made it (and no doubt is on its way up).

10 concurrent users each doing 10 page hits

This is 100 page loads by 10 different concurrent users, each user is doing 10 sequential page loads.
ab -l -r -n 100 -c 10 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/blog/

This is where the load starts to really stress test the web-server, as 10 concurrent (simultaneous) users is a lot of traffic. Most websites will be lucky to see 1 or 2 users (visitors) a minute… So let me say it again, 10 users per second is a lot of traffic!

30 concurrent users each doing 20 page hits

This is 600 page loads by 30 different concurrent users, each user is doing 20 sequential page loads.
ab -l -r -n 600 -c 30 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/blog/

This is the edge of what a non-cached WordPress setup will be able to handle without crashing or timing-out the web-server (and/or ab itself). This type of load represents an extremely active website or forum, the top 1%.

90 concurrent users each doing 30 page hits

This is 2700 page loads by 90 different concurrent users, each user is doing 30 sequential page loads.
ab -n 2700 -c 90 -k -H "Accept-Encoding: gzip, deflate" http://www.example.com/blog/

Only a fully cached (using mod_cache) Apache setup will be able to handle this type of a load. This represents some of the busiest sites on the net, and there is no hope of this not maxing out and crashing (if your settings are not just right) the web-server with a non-cached WordPress setup.

Analyze the AB Results

We only care about 3 things:

1. How many Requests Per Second are we seeing? The other metrics are not really useful, as they are not representative of anything real in this ab context. * This value will remain somewhat the same regardless of the concurrency level used.

2. Are there any errors in the website’s or Apache’s (general) error and php logs? * When things start to choke, PHP memory issues will start coming up. A lot of PHP scripts also begin to crash (and take out Apache + PHP processes) if they are not written with concurrency in mind.

3. At what concurrency level does Apache crash and/or time-out? * If this is happening at a lower concurrency level, something is wrong and you need to adjust these settings either lower or higher…

Adjust Settings to Gain Stability Under Load


# The number of Apache threads (workers) to deploy. Each worker can handle a separate concurrent connection or request.
# This should never be set more than the expected traffic can bring in, otherwise it will waste server resources.
# Setting this value DOWN from the default 64-128 is a good idea.
ThreadsPerChild 64
# ThreadLimit should be about 50% more than ThreadsPerChild, as this has a side-effect of allotting more memory and enabling Apache to use that extra memory during peak load times.
ThreadLimit 96

# The number of requests (or connections if KeepAlive is On) after which to recycle all Apache threads (to help control memory leaks and process bloat).
# Renamed to MaxConnectionsPerChild under Apache 2.4 ("MaxRequestsPerChild" is still valid).
MaxRequestsPerChild 16384

# The default stack size on Windows is less than or equal to 1MB, and 8MB on Linux.
# Increase size to help crashes from segmentation faults / stack overflows due to PHP scripts needing more stack size.
# Can decrease value to lower memory consumption by Apache when PHP is run via mod_php (PHP as an Apache thread).
# Can decrease value even more when PHP is run via mod_fcgid (PHP as a process outside of Apache).
# 8MB*1024*1024 is 8388608, 4MB*1024*1024 is 4194304, 1MB*1024*1024 is 1048576, 0.5MB*1024*1024 is 524288
<IfVersion >= 2.2>
    ThreadStackSize 2097152
</IfVersion>

# The maximum number of free Kbytes that every Apache thread is allowed to hold without attempting to give it back to the OS.
# Apache 2.0 and 2.2 default to 0 / unlimited (bad), Apache 2.4 to 2MB (better).
# This might prevent the Apache process from growing too large as this will typically restrict its process max size to threads * MaxMemFree.
MaxMemFree 2048

# Backlog queue when all threads/workers are taken up.
# Increase to handle peak loads, and during TCP SYN flood attacks (default is 511).
ListenBacklog 2711

# TCP receive buffer size (in bytes). 0 specifies to use the OS default.
ReceiveBufferSize 0

# TCP send buffer size (in bytes). 0 specifies to use the OS default.
SendBufferSize 0


# Turn BufferedLogs On to buffer logs for multiple requests instead of writing them out individually to the log files
# Good for performance, but inconvenient for trying to detect or debug issues
BufferedLogs Off

# Use the OS's abilities to speed up memory access and file reading
# These settings are OFF to improve stability during concurrent and peak loads
# Note - EnableSendfile should be Off if a website's DocumentRoot is a network mounted location
# Note - EnableSendfile is set to Off under the default configuration of Apache 2.4
EnableMMAP Off
EnableSendfile Off

# Fixes issues but does disable a faster way of accepting network connections on Windows
# Implemented for the following known issues -
# A) The network layer (winsock) is often broken due to network, firewall, anti-virus, etc, software (s/w that adds its own filters to winsock)
# B) Apache 2.4 is being used (general issue on Windows with 2.4?...)
# C) Some requests do not start/complete (initial req is broken but sequential reqs, when performed within a 3-second window, complete)
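<IfVersion < 2.3>
    # Apache 2.2 name for the same switch (replaced by "AcceptFilter ... none" from 2.3.3 on)
    Win32DisableAcceptEx
</IfVersion>
<IfVersion >= 2.3.3>
    AcceptFilter http none
    AcceptFilter https none
</IfVersion>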

PHP (for crashes):

; Determines the size of the realpath cache to be used by PHP. This value should
; be increased on systems where PHP opens many files to reflect the quantity of
; the file operations performed.
; http://php.net/realpath-cache-size
;realpath_cache_size = 16k
realpath_cache_size = 1M

For stability, also make sure to test both PHP and PHP-FCGI. The difference is PHP (mod_php) runs inside of Apache, PHP-FCGI (separate process via mod_fcgid) runs outside of Apache. PHP-FCGI might be more stable under some circumstances, and more fickle under others.

Performance Gains

For top performance gains use -

1. Apache’s mod_cache module to cache page requests/results. This will produce 5-10x the performance gains over all other methods combined.

2. PHP’s Zend OPcache extension to cache PHP scripts as compiled objects. This will produce a 3-5x Requests Per Second speed up.

3. memcached + php_memcache setup to cache PHP script’s or web-app’s internal data and results. This can produce a good 50%-100% performance gain.

4. Cache plugins and/or setting adjustments specific to the web-app: Cache plugins for WordPress, Speedup tips for PrestaShop, etc.

5. mod_expires to make the client’s (visitor’s) Browser cache pages and page assets for a given time, instead of re-getting those pages and assets on each page load.

* Some of these are more difficult to configure and set up than others.

Also, in my experience, the switch from 32 bit to 64 bit Apache, PHP, and MySQL versions only provides limited/marginal performance gains (and in some cases it’s even negative).

To sum everything up, 99% of all performance gains will come from utilizing Apache’s caching mechanisms (via mod_cache), using PHP Zend OPcache (extension), and afterwards (once the bottleneck is moved from Apache with PHP to MySQL), improving MySQL performance by tuning my.ini settings, and optimizing/restructuring MySQL queries by utilizing MySQL’s Slow Query log (to see what the problem is).

Having said that, there are also performance-robbing issues that can exist on the OS, in the Apache/MySQL/PHP settings, and even the client’s Browser, that are covered here -

Setting File Permissions with chmod on Windows for Apache and PHP

Oftentimes this question comes up for WAMP -

How do I chmod 777 (change) filesystem permissions for Apache and PHP to be able to read/write this file/folder on Windows?

The simple answer is you don’t, and you don’t need to. And here is why…

Apache already has all the permissions it needs, as it runs under the LocalSystem account on Windows, which has extensive read/write access to local paths. This is inherited by PHP.

For example, when you are using WordPress to upload a file (and already have the wp-content\uploads folder created), WP already has the needed permissions to be able to create a new sub-folder for the year + month in the uploads folder, and move that file in from the temporary folder. No file permission changes are needed. No php.ini edits are needed. No WP settings changes are needed.

If there is a problem with the above example -

  • The additional file permissions that have been set up afterwards are at fault (check Windows Event viewer).
  • Settings have been wrongly edited: WP upload path settings, php.ini temp folder location + upload settings, etc.
  • The Apache Service ‘Log On’ account has been switched from “LocalSystem” to something else (check Service’s Properties).
  • Or there are internal PHP errors (check the website’s HTTP and PHP error logs).

If you really really need to run chmod (read/write permissions) and chown (ownership) for some reason, there are some Windows equivalents and ports of these Linux commands that you can download, that just take the number, re-interpret it, and then use Windows native methods and commands to set the permissions…


But Apache, for the most part, already has *full* read and write permissions in the WAMP folder, so there is nothing that needs changing, unless you are trying to set lesser permissions.

You can even use a PHP script to do this, as PHP has chmod() and chown() functions…


Aside from that, to set file-permissions under Windows, using Windows native ways, you can right-click any folder or file, go to Properties, Security, and set the permissions there. Or use any number of command-line utilities…


Setting MySQL Root Password

To set MySQL’s root account password -

Login to phpMyAdmin

Use username ‘root’ and do not enter anything for the password.

Username: root

Update Root Password

Go into phpMyAdmin’s Users Tab.

There are 3 root accounts… One for each loopback IP (IPv4’s ‘’ and IPv6’s ‘::1’), and one for host-name ‘localhost’.

  • root@
  • root@::1
  • root@localhost

This represents the same account, the difference is the IP address and/or Host-name it’s accessed from.

Click the ‘Edit Privileges’ link that’s to the right of each account for the above.

In the ‘Change password’ Group, only fill in the Password box (and “Re-type” box), and then in that same Group click ‘Go’. Don’t change anything else.

Do this for all 3 root accounts, making sure that -
1) the password is the same in each account
2) the password only contains letters and numbers (don’t use any special characters like ‘&’ as they can later cause issues)


To let WampDeveloper know what the root password is (so WebApps Tab can install webapps) -

Once you’ve set root’s password, open file C:\WampDeveloper\WampDeveloper.xml with a simple editor like Notepad (and not a special XML editor), by right-clicking this file and selecting ‘Open With -> Notepad’, and near the bottom find these lines and fill in the password…

  <key name="dbUsername">root</key>
  <key name="dbPassword">fill-in-root-password-here</key>

Save file. Restart WampDeveloper.

If the password contains special XML characters (", &, ', <, >, etc.), enclose that password string within “<![CDATA[string]]>”…

  <key name="dbPassword"><![CDATA[fill-in-root-password-here]]></key>

* Fancy XML editors can re-structure this file and mess it up; and since it’s ultimately just a text file, editing with Notepad is perfectly fine for this.

Blocking Download Managers and Accelerators

Some users like to use Download Managers & Accelerators in an attempt to complete file downloads faster.

These download managers/accelerators work by creating dozens to hundreds (and sometimes thousands) of independent concurrent and sequential connections, with each connection downloading a different part (byte range) of the same file.

The client sends a request with a “Range” Header specifying the part of the file it wants, and the server returns that part of the file back to the client using the HTTP 206 (“Partial Content”) Response.

This type of download abuse can easily overload your server’s connection limits and resources, and also get around any per-connection bandwidth restrictions you might have set.

Here is how to stop these Download Managers dead in their tracks by using mod_headers and mod_rewrite under Apache (or a WAMP Server such as WampDeveloper Pro).

This example will abort all partial requests for content located within URL:


Unset Accept-Ranges Header

Indicate to the clients that the server will not attempt to honor Range requests (partial content requests), by changing Response Header “Accept-Ranges” from “bytes” to “none”.

<IfModule !mod_headers.c>
    LoadModule headers_module modules/mod_headers.so
</IfModule>

<Location /files/>
    <IfModule mod_headers.c>
        Header set Accept-Ranges none
    </IfModule>
</Location>

But this is only a superficial message to the client, that the download manager/accelerator software can easily ignore…

The client is still able to send “Range” requests (partial content requests), and Apache will still return the requested byte range of the file. So let’s remove that option once and for all…

Abort All Range (Partial Content) Requests

<IfModule !mod_rewrite.c>
    LoadModule rewrite_module modules/mod_rewrite.so
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Detect URL /files/... (REQUEST_URI always begins with a slash)
    RewriteCond %{REQUEST_URI} ^/files/
    # Detect "Range" request header
    RewriteCond %{HTTP:Range} !^$
    # Stop and Return HTTP FORBIDDEN (403) response header
    RewriteRule .* - [F,L]
</IfModule>

* If instead of placing this inside a VirtualHost block, you place it in an .htaccess file, then “AllowOverride FileInfo” (or “AllowOverride All”) and “Options +FollowSymLinks” (or “Options All”) have to be set (in the VirtualHost) for the directory the .htaccess file is in (otherwise neither mod_rewrite, nor working with the Header data, will work).

* Don’t use “RequestHeader unset Range” as this will get around the mod_rewrite configuration while turning all partial content downloads into full size downloads.


Incomplete downloads are not resumable… A client will not be able to pause or stop a download, and later resume it.

Downloads started with download accelerators will stop at whatever % of full file size the first connection retrieves.

May also break some -

  • Clients that do streaming of video and audio
  • Clients that do reading/loading of meta-data from large files
  • e-Readers
  • Client-side bandwidth throttling

Notes on using mod_rewrite

Per-directory Rewrites


For mod_rewrite, “Options FollowSymLinks” must be enabled for anything related to directories to work…

To enable the rewrite engine in this context, you need to set “RewriteEngine On” and “Options FollowSymLinks” must be enabled. If your administrator has disabled override of FollowSymLinks for a user’s directory, then you cannot use the rewrite engine. This restriction is required for security reasons.

Behavior of mod_rewrite in <Location> sections can be unpredictable…

Although rewrite rules are syntactically permitted in <Location> and <Files> sections, this should never be necessary and is unsupported.

Download Speed Limit and Throttling for Apache 2.4

Restricting download speeds is extremely easy with Apache 2.4, which now comes standard with mod_ratelimit (a very simple and straight-forward module).

Download limits can be set per:

  • Server (all websites)
  • VirtualHost (specific website)
  • URL

The download limit will be applied per download connection, restricting each download to a specific maximum speed.

Load mod_ratelimit

Add the loading of mod_ratelimit into Apache’s configuration.

<IfVersion >= 2.4>
    LoadModule ratelimit_module modules/mod_ratelimit.so
</IfVersion>

Limit Download Speed

To limit download speed per URL in a specific website, open the website’s VirtualHost files (both the HTTP and SSL VH), and insert the rate limiting configuration inside the VirtualHost block.

This example sets the limit to 350KB/s for all downloads under URL “/downloads”.

<IfModule mod_ratelimit.c>
    <Location /downloads>
        SetOutputFilter RATE_LIMIT
        SetEnv rate-limit 350
    </Location>
</IfModule>

Save file(s), and restart Apache for configuration changes to take effect.

Test Bandwidth Throttling

Place a large file into the /downloads location, and attempt to download this file multiple times. Check the results -


* This works best under IE, as Chrome will not download the same file multiple times at the same time.

More Specific Limits

Anything other than per connection limits requires more comprehensive Apache modules such as mod_bw (docs) or mod_limitipconn (docs).

* mod_security can also limit bandwidth, but I would not recommend it as it’s too complex to set up, use, and maintain.

Also, according to the mod_ratelimit docs (well, the comments in the docs), you can dynamically adjust this rate limit per request, using PHP…

Note that if you are using PHP, you can set rate-limit to 0 in httpd.conf (no limiting) and then dynamically set “rate-limit” env variable for each request in your PHP scripts, but you cannot use putenv() function for this. You must use apache_setenv() in order to make it work properly.

This could allow you to create your own management script that tracks the use of, and allots, the download bandwidth.

Accessing Websites on a Local Network (LAN) Web Server

There are a number of different ways that local websites can be viewed from other computers (running Windows, Mac OS X, Linux) and mobile devices (iPads, iPhones, Android phones, etc), that are all connected within the same LAN (local network).

To get every LAN connected computer and mobile device to find and connect to a local website, you have these options:

Use the LAN IP of Server

Connect directly to the server via its LAN IP address, using that IP in the URL:

For this to work, the LAN IP address must be assigned as one of the website’s Domain Aliases, and all redirects from Aliases to the Primary Domain Name must be turned off.

Downside – as only 1 IP address is assigned per NIC (network card), only 1 website can be accessed.

Use the LAN host-name of Server

Connect to the server via its LAN host-name (computer name), using that host-name in the URL:

For this to work, the LAN host-name must be assigned as one of the website’s Domain Aliases, and all redirects from Aliases to the Primary Domain Name must be turned off.

Downside – as only 1 host-name (computer name) is assigned per computer, only 1 website can be accessed. Also, there might be issues with some non-Windows devices, such as the iPad, which either don’t inter-operate (work with) WINS and NetBIOS or require further configuration.

Use a LAN-wide Hosts file Set Up

Connect to the server by using LAN-wide (global) Hosts files…

This is done by editing every LAN system’s Hosts file with entries that resolve each and every website’s domain-name and aliases to the LAN IP of the server:

www.domain1.name domain1.alias1 domain1.alias2
www.domain2.name domain2.alias1 domain2.alias2
www.domain3.name domain3.alias1 domain3.alias2

This way all the other LAN systems know which IP address to send the request to when the www.domain.name is used in the local Browser.

Downside – while this will work on Windows, Linux, and Mac OS X, this will not work on most mobile devices unless they are jail-broken / rooted (as you can’t edit their Hosts file).

Hosts file path: C:\Windows\system32\drivers\etc\hosts
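
As an added example (not part of the original FAQ), this PowerShell script appends the Hosts entries described above on one Windows system, skips names that are already mapped, and warns instead of overwriting when a name already points to a different address. The IP 192.168.1.100 is a placeholder assumption for the server's LAN IP; the domain names are the sample names used above.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$ServerIp  = '192.168.1.100'   # assumption: placeholder for the web server's LAN IP
$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# One string per website: primary domain name followed by its aliases.
$Sites = @(
    'www.domain1.name domain1.alias1 domain1.alias2',
    'www.domain2.name domain2.alias1 domain2.alias2',
    'www.domain3.name domain3.alias1 domain3.alias2'
)

# Index every name the file already maps (text after '#' is a comment).
$mapped = @{}
foreach ($line in Get-Content -Path $HostsPath) {
    $text = ($line -split '#')[0].Trim()
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    foreach ($name in ($fields | Select-Object -Skip 1)) {
        $mapped[$name.ToLower()] = $fields[0]
    }
}

# Make sure the first appended entry starts on its own line.
$raw = Get-Content -Path $HostsPath -Raw
if ($raw -and -not $raw.EndsWith("`n")) {
    Add-Content -Path $HostsPath -Value '' -Encoding Ascii
}

foreach ($site in $Sites) {
    $names = $site -split '\s+'
    # A name that already resolves to a different address is reported, not overwritten.
    $conflicts = @($names | Where-Object {
        $mapped.ContainsKey($_.ToLower()) -and $mapped[$_.ToLower()] -ne $ServerIp
    })
    if ($conflicts.Count -gt 0) {
        Write-Warning "Skipping '$site': $($conflicts -join ', ') already mapped to another IP."
        continue
    }
    $missing = @($names | Where-Object { -not $mapped.ContainsKey($_.ToLower()) })
    if ($missing.Count -gt 0) {
        # Host names are ASCII, a subset of ANSI, so the file's encoding is unchanged.
        Add-Content -Path $HostsPath -Value "$ServerIp $($missing -join ' ')" -Encoding Ascii
        Write-Output "Added: $ServerIp $($missing -join ' ')"
    }
}
```

Because the Hosts file overrides DNS for every program on the system, a warning from this script about an existing mapping is worth checking before changing anything by hand.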

Use Registered Domain Names

Connect via any website’s domain-name, as long as that domain-name is:

  • Registered (bought and paid for on Namecheap, GoDaddy, etc)
  • And has a DNS “A” record set (resolved) to either the LAN IP of the server (ex: or the Public IP of the Router (via the domain Registrar’s DNS servers).

* It’s perfectly valid to resolve a domain-name to a local LAN IP address.

If you only have 1 registered domain name, you can use its sub-domains to represent your different local websites, by using a wild-card (*) / catch-all DNS record. This way all *.domain.name requests, regardless of what they are, will always be resolved to your LAN IP or Public IP. And once that request reaches your web server, the web server will match the sub.domain.name to the proper website. The downside of this is that every website’s domain-name must use a common base (which can make the full address long).

Use a WiFi Router that’s capable of DNS Masquerading

Some Routers are supported by 3rd-party firmware such as the OpenWRT and DD-WRT projects.

Both OpenWRT and DD-WRT are able to inject custom domain-name to IP address resolves via their own internal Hosts files and/or internal bundled DNS Masquerading software such as DNSmasq.

This is probably the best option as ALL WiFi connected computers (regardless of OS) and mobile devices (everything from iPads to Android phones) will be able to connect to each and every website… Without configuring anything or doing anything to those computers and devices.

Use Own DNS Servers

Local networks (that are behind a typical wifi Router) use outside DNS servers, which “resolve” (convert) domain names to IP addresses.

Typically, the Router gets the addresses of 2-4 DNS servers from your Internet Provider (via a protocol called DHCP), and acts as the middle-man, for domain name resolve requests, between the computers and devices within the LAN, and the external DNS servers.

These external DNS servers are unable to answer and resolve requests for your “virtual” (non-registered) domain names to your locally hosted websites and their LAN IPs.

You can, however, via your Router settings, switch-over these DNS servers with your own local DNS server, which will be able to resolve all “virtual” (fake) domain names, and wildcards (ex: *.local), to the server’s LAN IP address.

There are several options for DNS Servers for Windows, and Linux.


On some mobile devices, you can set them to use an HTTP Proxy server, that will then custom-resolve the domain-name to the LAN IP address. This gets around the problem of not being able to edit the device’s Hosts file without jail-breaking or rooting it. But you’ll need one computer running the proxy server software. On Windows, you can use the Fiddler Proxy to set this up.

Mobile devices have to be connected to your WiFi to be able to access the server via the LAN IP address. Otherwise, you must use a registered domain-name that has a DNS record resolving the domain-name to the Public IP of the Router (which then “port-forwards” from WAN:80 to LAN:80 of server).

LAN IPs are usually reassigned/changed after reboot or power-off of the LAN connected computers and devices and/or the Router. You’ll have to go into the Router’s configuration and settings, and make sure to manually assign the same LAN IP to the same LAN system (by assigning that LAN IP to the server’s MAC address).

When a request comes in to the web-server for a domain-name or IP address that is not assigned to any website, the first Apache Virtual Host (DefaultWebsite, localhost) gets returned.

When accessing the server directly via an IP address, you’ll only be able to access 1 website (the website that has that IP assigned as a Domain Alias)… Unless you run each website on a separate port number (8080, 8081, etc). *Some Apache configurations/setups and some PHP web-app scripts might not work correctly, as they expect regular port 80 access.

While most mobile devices (including iOS and Android devices) have a Hosts file, those devices have to be jail-broken/rooted, and/or you have to go through complicated steps to modify their Hosts file. * If you edit the Hosts file, make sure you save it in its original encoding: ANSI.

Running your own DNS server is not recommended as it could be complicated to set up and operate, and the system it’s on has to always be On for everything else to work. If you do run your own DNS, you’ll need to set its LAN IP in the Router’s settings and make sure no other DNS servers are used (by the Router). DNSMasq is the recommended choice.

You can host multiple websites under 1 main domain-name/website by treating the other websites as folders: C:\WampDeveloper\Websites\main.domain.name\webroot\other.domain\


* Make sure to turn off any redirects of the Domain Aliases to the Primary Domain Name (*select website in WampDeveloper’s Websites Tab, click Settings; or just create a website with the LAN host-name as the Primary Domain Name, and the LAN IP as one of the Domain Aliases).

* Make sure to open (on the web-server) the Windows Firewall inbound port 80 (http) and 443 (https) connections (TCP and UDP). Windows Firewall will block these by default.

* If you are resolving domain-names to the Public IP (of the Router), make sure to update the Router’s settings to “port forward” incoming port 80 (http) and 443 (https) requests to the proper LAN IP of the web-server.
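
As an added example (not part of the original FAQ), the firewall opening described above can be created from PowerShell and limited to what a LAN-only server needs. The example opens TCP only, which is the protocol Apache listens on for HTTP and HTTPS, and accepts connections only from the local subnet; the rule name and the placeholder IP 192.168.1.100 are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt on the web server
# (the NetSecurity cmdlets ship with Windows 8 / Server 2012 and later).

$ruleName = 'Apache HTTP-HTTPS (LAN only)'   # assumption: name chosen for this example

# Remove an earlier copy so re-running the script does not stack duplicate rules.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow inbound TCP 80 and 443 from the local subnet only.
# Assumption: the server's network connection is classified as Private or Domain.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 80, 443 `
    -RemoteAddress LocalSubnet `
    -Profile Private, Domain

# Review what was created: the ports and the permitted source addresses.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallPortFilter
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter

# From another LAN computer, confirm the port is reachable
# (192.168.1.100 is a placeholder for the server's LAN IP):
#   Test-NetConnection -ComputerName 192.168.1.100 -Port 80
```

If the Router port-forwards public traffic to the server, those requests arrive from outside the local subnet, so the rule needs `-RemoteAddress Any` in that setup.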

How to Uninstall WampDeveloper

Uninstalling WampDeveloper is very easy, but it is not done through Windows’ Control Panel\Programs and Features interface.

To uninstall WampDeveloper:

1. Go into WampDeveloper’s Components Tab.

2. At the very bottom, locate and click the “Uninstall WampDeveloper” link.

3. Proceed by clicking “Run Uninstallation Tasks”, then afterwards, once it’s done, click “Continue” to close it.

4. Once it’s finished and closed, delete the remaining C:\WampDeveloper\ folder to clear everything out (changes made, websites, databases, etc) and to start with a clean state before installing again.

* If Windows won’t let you delete the WampDeveloper folder, then some files inside it are still in use, just reboot/restart the system, then try deleting the folder once more.

* WampDeveloper is entirely self-contained (in its folder), and the uninstallation process does not delete any files – just in case you have websites and databases to keep. The task of deleting WampDeveloper’s folder is left to the user.

If you are uninstalling due to issues right after installation, you should go over this information:

Enabling IonCube Loader in WAMP

IonCube Loader enables WAMP servers such as WampDeveloper Pro to run encoded and secured PHP files. These files are usually commercial (not free) PHP scripts and apps that have been secured against reverse-engineering and piracy – such as WHMCS, vBulletin, Blesta, KBPublisher, and extensions/plugins for Joomla, WordPress, ExpressionEngine, etc.

To enable the IonCube PHP Extension in WampDeveloper Pro:

1. Open file php.ini -

2. Near the end of php.ini, locate the IonCube section -


3. Un-comment the load line for this extension (remove the ‘;’ character from the beginning of the line) -


4. Save file. Restart Apache.

Afterwards, IonCube will be loaded by PHP and you can verify this via phpinfo.php.

* Generally IonCube Loader should be loaded in php.ini before any of the other extra PHP Extensions.

* The latest IonCube Loader version can be downloaded from here http://www.ioncube.com/loaders.php, but it must match Apache’s + PHP’s compiler version (“VC11” is Apache 2.4, “VC9” is Apache 2.2, “VC6” is Apache 2.0) and PHP run-type (“TS” is regular PHP / mod_php, “Non-TS” is PHP-FCGI). The newer versions can replace the older versions by simply copying-over …\Php\ext\ioncube_loader.dll.