swiftcoder

[web] Firewalling httpd


I run apache on my local machine, in order to run a CMS locally and then publish out to the webserver. I realised today that this of course means that I have a publicly accessible web server, and I haven't been too careful setting permissions... I don't have any real experience with *nix/web server security, so I was hoping you could provide some suggestions. Is there a way to configure ipfw to refuse incoming http requests (port 80 and 8080 I guess)? Or is there a way to configure apache to only honour requests from localhost (127.0.0.1)?

The most obvious way is to have Apache only bind to localhost - this will ensure that you can never connect from a foreign host, firewall or not.

This can be accomplished with one or more "Listen" directives, e.g.


Listen 127.0.0.1:8080


Would listen only on localhost on port 8080, unless you had other "Listen" directives. More than one is permitted - this is usually used for listening on multiple ports.

If *all* your "Listen" directives name localhost (or 127.0.0.1) explicitly, Apache should be entirely inaccessible externally.

Mark
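A way to check the condition described in the post above, that every "Listen" directive names a loopback address. This is an added example, not part of the original post; the sample configuration and the function names are constructed for illustration, and the script assumes "localhost" resolves to loopback and does not follow Include files.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): a commented-out Listen,
# a loopback Listen, a port-only Listen, an IPv6 loopback, and a LAN address.
SAMPLE_CONF = """\
# Listen 80
Listen 127.0.0.1:8080
Listen 8081
Listen [::1]:8082
Listen 192.0.2.10:80 http
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)


def listen_host(arg):
    """Return the address part of a Listen argument, or None if port-only."""
    if arg.startswith("["):                  # IPv6 form: [addr]:port
        return arg[1:arg.index("]")]
    host, sep, _port = arg.rpartition(":")
    return host if sep else None             # "8081" carries no address


def is_loopback(host):
    """True only for an explicit loopback address or the name localhost."""
    if host is None:
        return False                         # port-only binds every interface
    if host.lower() == "localhost":
        return True                          # assumption: resolves to loopback
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # "*" or another hostname: exposed


def exposed_listens(conf_text):
    """Return (line_number, directive) for each Listen not bound to loopback."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        match = LISTEN_RE.match(line)
        if match and not is_loopback(listen_host(match.group(1))):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, directive in exposed_listens(SAMPLE_CONF):
        print(f"line {lineno}: {directive}  <- reachable from other hosts")
```

An empty result means every active "Listen" line in the text given is bound to loopback only.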

Uh, no. A Listen on localhost still allows other people to visit the webserver IIRC. You need this:


<Directory /path/to/webroot>
Order deny,allow
deny from all
allow from 127.0.0.1
</Directory>

I just realised that my local web server was probably never publicly accessible, since I am on an encrypted wireless network behind a firewalled router that does not forward ports 80 or 8080. Am I correct in this?

Yep, that's right. If your router does not forward port 80 to your machine, then the webserver will not be publicly accessible.
