swiftcoder

[web] Firewalling httpd


swiftcoder    18437
I run apache on my local machine, in order to run a CMS locally and then publish out to the webserver. I realised today that this of course means that I have a publicly accessible web server, and I haven't been too careful setting permissions... I don't have any real experience with *nix/web server security, so I was hoping you could provide some suggestions. Is there a way to configure ipfw to refuse incoming http requests (port 80 and 8080 I guess)? Or is there a way to configure apache to only honour requests from localhost (127.0.0.1)?

markr    1692
The most obvious way is to have Apache only bind to localhost - this will ensure that you can never connect from a foreign host, firewall or not.

This can be accomplished with one or more "Listen" directives, e.g.


Listen 127.0.0.1:8080


Would listen only on localhost on port 8080, unless you had other "Listen" directives. More than one is permitted - this is usually used for listening on multiple ports.

If *all* your "Listen" directives name localhost (or 127.0.0.1) explicitly, Apache should be entirely inaccessible externally.

Mark
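A check for the condition described in the post above (every "Listen" directive naming a loopback address), as an added example that is not part of the original thread. The sample configuration is constructed, the function names are hypothetical, and treating the name `localhost` as loopback is an assumption.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): a mix of Listen forms.
SAMPLE_CONF = """\
Listen 127.0.0.1:8080
Listen [::1]:8080
Listen 80
  listen 0.0.0.0:8081
Listen 192.168.1.20:8443 https
#Listen 443
"""

# Directive names are case-insensitive; commented-out lines do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def parse_listen(value):
    """Split a Listen argument into (host or None, port)."""
    if value.startswith("["):                 # bracketed IPv6: [::1]:8080
        host, _, port = value[1:].partition("]:")
        return host, int(port)
    if ":" in value:                          # IPv4 or name: 127.0.0.1:8080
        host, _, port = value.rpartition(":")
        return host, int(port)
    return None, int(value)                   # bare port: every interface

def is_loopback(host):
    if host is None:                          # no address given, so not local-only
        return False
    if host.lower() == "localhost":           # assumption: resolves to loopback
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                          # unknown name: treat as exposed

def exposed_listens(conf_text):
    """Return [(lineno, arg)] for active Listen lines not bound to loopback."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        if m and not is_loopback(parse_listen(m.group(1))[0]):
            findings.append((lineno, m.group(1)))
    return findings

if __name__ == "__main__":
    for lineno, arg in exposed_listens(SAMPLE_CONF):
        print(f"line {lineno}: Listen {arg} is not loopback-only")
```

It reads only the text it is given, so any files pulled in through Include directives need the same check.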

Sander    1332
Uh, no. A Listen on localhost still allows other people to visit the webserver IIRC. You need this:


<Directory /path/to/webroot>
Order deny,allow
deny from all
allow from 127.0.0.1
</Directory>

carpo    122
Yep, that's right. If your router does not forward port 80 to your machine, then the webserver will not be publicly accessible.
