[web] Firewalling httpd

Started by
4 comments, last by carpo 17 years, 1 month ago
I run apache on my local machine, in order to run a CMS locally and then publish out to the webserver. I realised today that this of course means that I have a publicly accessible web server, and I haven't been too careful setting permissions... I don't have any real experience with *nix/web server security, so I was hoping you could provide some suggestions. Is there a way to configure ipfw to refuse incoming http requests (port 80 and 8080 I guess)? Or is there a way to configure apache to only honour requests from localhost (127.0.0.1)?

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

The most obvious way is to have Apache only bind to localhost - this will ensure that you can never connect from a foreign host, firewall or not.

This can be accomplished with one or more "Listen" directives, e.g.

Listen 127.0.0.1:8080


Would listen only on localhost on port 8080, unless you had other "Listen" directives. More than one is permitted - this is usually used for listening on multiple ports.

If *all* your "Listen" directives name localhost (or 127.0.0.1) explicitly, Apache should be entirely inaccessible externally.

Mark

Thanks, now I don't have to worry about someone coming in over cable and using php to wipe my hard drive :)

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

Uh, no. A Listen on localhost still allows other people to visit the webserver IIRC. You need this:

<Directory /path/to/webroot>
    Order deny,allow
    deny from all
    allow from 127.0.0.1
</Directory>

Sander Marechal [Lone Wolves][Hearts for GNOME][E-mail][Forum FAQ]
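The two replies above turn on the same question: does every "Listen" directive name the loopback address, and does the Directory block actually restrict access to 127.0.0.1? The script below is an added example, not code from this thread or from Apache, that audits an httpd.conf for both conditions. The two configurations embedded in it are constructed samples; a real run would read the file with open() instead. It accepts both the Apache 2.2 "Order/Deny/Allow" form shown in the reply and the Apache 2.4 "Require local" / "Require ip 127.0.0.1" form, and treats a bare port, 0.0.0.0, :: or any non-loopback address as exposed.

```python
import re
from ipaddress import ip_address

# Constructed sample: the first Listen binds port 80 on every interface.
EXPOSED_CONF = """
Listen 80
Listen 127.0.0.1:8080
<Directory /var/www/cms>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
"""

# Constructed sample: loopback only, IPv4 and IPv6.
LOCAL_CONF = """
Listen 127.0.0.1:8080
Listen [::1]:8080
<Directory /var/www/cms>
    Require local
</Directory>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE | re.MULTILINE)
DIRECTORY_RE = re.compile(r"<Directory\s+([^>]+)>(.*?)</Directory>",
                          re.IGNORECASE | re.DOTALL)


def listen_addresses(conf):
    """Address part of every Listen directive; '' when only a port is given."""
    addrs = []
    for arg in LISTEN_RE.findall(conf):
        if arg.startswith("["):                 # [::1]:8080
            addrs.append(arg[1:arg.index("]")])
        elif ":" in arg:                        # 127.0.0.1:8080
            addrs.append(arg.rsplit(":", 1)[0])
        else:                                   # bare port = all interfaces
            addrs.append("")
    return addrs


def exposed_listens(conf):
    """Listen directives reachable from other hosts (empty list is the goal)."""
    exposed = []
    for addr in listen_addresses(conf):
        if addr == "":
            exposed.append("<all interfaces>")
            continue
        try:
            ip = ip_address(addr)
        except ValueError:                      # a hostname: cannot verify it
            exposed.append(addr)
            continue
        if ip.is_unspecified or not ip.is_loopback:
            exposed.append(addr)
    return exposed


def directory_is_loopback_only(body):
    """True if the Directory body admits only the local machine."""
    lines = [line.strip().lower() for line in body.splitlines()]
    # Apache 2.2 style: with "Order deny,allow" the allow line wins for 127.0.0.1.
    deny_all = any(line.startswith("deny from all") for line in lines)
    allow_local = any(line.startswith(("allow from 127.0.0.1", "allow from localhost"))
                      for line in lines)
    # Apache 2.4 style.
    require_local = any(line.startswith(("require local", "require ip 127.0.0.1"))
                        for line in lines)
    return (deny_all and allow_local) or require_local


def audit(conf):
    """Summarise exposure: exposed Listen directives and per-Directory verdicts."""
    return {
        "exposed_listens": exposed_listens(conf),
        "directories": {path.strip(): directory_is_loopback_only(body)
                        for path, body in DIRECTORY_RE.findall(conf)},
    }


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("local", LOCAL_CONF)):
        print(name, audit(conf))
```

If the first list is empty, Apache never accepts a connection from another host, regardless of the Directory rules; the Directory check is defence in depth for the case where a Listen line is later added without an address.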

I just realised that my local web server was probably never publicly accessible, since I am on an encrypted wireless network behind a firewalled router that does not forward ports 80 or 8080. Am I correct in this?

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]

Yep, that's right. If your router does not forward port 80 to your machine, then the webserver will not be publicly accessible.
