As has been pointed out already, unless you are specifically forwarding http traffic from your router to your machine, your locally hosted stuff will only be available to you and the other computers on your local network.
To answer your question on restricting access to your webserver to just your machine. You can do this a couple of ways.
Remember, anytime you change apache configurations, you need to restart apache for those changes to take effect.
Method 1
If you want to limit everything on your local webserver to just your local machine, edit the file "/etc/apache2/httpd.conf". At approx line 195 you'll find a configuration block that looks similar to:
<Directory "/Library/WebServer/Documents">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks MultiViews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
You are going to want to comment out the bottom two lines of that block and add in new rules
Deny from all
and
Allow from 127.0.0.1
that block should now look like:
<Directory "/Library/WebServer/Documents">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks MultiViews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
#Order allow,deny
#Allow from all
Deny from all
Allow from 127.0.0.1
</Directory>
Method 2
You can also use .htaccess files to limit who has access to a directory. In order for .htaccess files to work you first need to enable them. Open the same file I referenced in method 1 (/etc/apache2/httpd.conf) and go to the same configuration block I mentioned before (at approx line 195). You'll need to change (at approx line 215):
AllowOverride None
to
AllowOverride All
Once you have done that you can create a file called .htaccess in any folder on your web server with the following information:
Deny from all
Allow from 127.0.0.1
That will prevent anyone besides your local machine from accessing the contents of that folder or any of it's subfolders.
Conclusion
Method 1 has the benefit of not having to worry about accidentally deleting .htaccess files or worrying about multiple configurations. Method 2 makes it very simple to only restrict access to certain directories of your webserver.
Also note that the .htaccess file must include that period at the beginning of the file name (it's .htaccess not htaccess) and that when you want to view your local webserver you have to do so by going to http://localhost (you can't use [your computer name].local).
Best Answer
Based on your comment that when you go to site.local:8080 you get a white page with the words "It Works!" similar to the screen capture below
What you are seeing is the webpage based on the global server configuration where the DocumentRoot is whatever default MAMP is set for.
You mention in your OP that
Apache isn't going to render your webpage as a HTML list (unless you tell it to). More than likely what you are seeing is a directory listing similar to this:
You get that listing because of the line
Options Indexes FollowSymLinks
in yourhttpd.conf
file. If you want to disable this, remove the word Indexes from that line and the listing will no longer show up.Your Virtual Host Configuration
First, we need to understand how Apache handles virtual host requests. From the Apache documentation:
If you notice, your host that is defined the global server configuration is the same as the virtual host.
This is probably where you are getting your error.
Now, my fix for this is a bit more involved initially, but infinitely more efficient because I try to avoid turing my machine into both a client and a server. I do all my development on a Mac with a Virtual Machine running my AMP server. This way I can mirror my production environment much closer and I don't have unnecessary services (like Apache and MySQL) running on OS X; they are all relegated to the VM. The VM has it's own IP, own server name, everything so when I point my browser to it, I know what results to expect.
I have a write up on how to install a FreeBSD VM on VirtualBox running on a Mac that has autostart enabled. If you are interested, I can share it with you.