What must I do to ensure that a web server (Apache) running on a machine is not accessible to the outside world?


I would like to use my laptop as a web development (PHP, Python, etc.) machine, but I'm hesitant to do this unless I can ensure that it cannot be accessed by the outside world. I'm guessing that something more than a firewall is necessary, such as configurations to the Apache configuration files, but I'm not sure what else I would need to be 100% sure it's locked down tightly.

Tags: web-development, webserver, development-environment. Asked Sep 22 '08 at 19:19 by Thomas Owens; edited Jan 26 at 7:40 by oers.

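You need to configure the server daemon to only bind to localhost using the Listen directive like this:

    # Listen takes a port in Apache 2.x; port 80 is used here
    Listen 127.0.0.1:80

An alternative is to configure access control for the main server like this:

    # The path is a placeholder; use your server's root directory
    <Directory "/path/to/document/root">
        AllowOverride None
        Deny from all
        Allow from 127.0.0.1/255.0.0.0
    </Directory>

Remember to put the root directory of your server in the Directory directive.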

So, for example, on Windows, a root directory might be C:\Program Files\Apache\HTTP Server\htdocs or something like that... I forgot the standard install path on WinXP, which is something I should know. – Thomas Owens Sep 22 '08 at 19:27

Yes ... this way you can allow the server to also have virtual hosts that are exposed. – Steve Moyer Sep 25 '08 at 4:10
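A check for the Listen-based approach in the answer above, as an added example that is not part of the original thread: it scans an Apache configuration for Listen directives that are not confined to a loopback address. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = """\
# development box
Listen 127.0.0.1:80
Listen [::1]:8080
Listen 8443 https
Listen 192.168.1.20:8081
  # Listen 0.0.0.0:9000
"""

# Directive names are case-insensitive; commented-out lines do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)


def parse_listen(arg):
    """Return (host, port); host is None when only a port is given."""
    if arg.isdigit():
        return None, int(arg)                    # bare port: all interfaces
    if arg.startswith("["):                      # [IPv6]:port
        host, _, port = arg[1:].partition("]")
        port = port.lstrip(":")
    else:                                        # IPv4:port
        host, _, port = arg.partition(":")
    return host, int(port) if port else None


def exposed_listeners(conf_text):
    """Return (line_no, directive) for each Listen not confined to loopback."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        if not m:
            continue                             # comments, other directives
        host, _port = parse_listen(m.group(1))
        if host is None or not ipaddress.ip_address(host).is_loopback:
            findings.append((no, line.strip()))
    return findings


if __name__ == "__main__":
    for no, directive in exposed_listeners(SAMPLE_CONF):
        print(f"line {no}: reachable from other hosts: {directive}")
```

Run it against every file the server actually loads, since an included file can carry its own Listen line.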

In the configuration file, change the Listen directive to only listen on the loopback address:

    Listen 127.0.0.1:80

Install a firewall and close all external ports but those that you want to use. If you are using Linux, there are nice frontends for iptables such as firestarter; if you use OS X there is an integrated firewall, and Windows has one too. :) But yes, the firewall is the way to go.

(Or you can tell Apache to listen on 127.0.0.1:80 only).

A firewall should be sufficient. Just make sure that you run Apache on a non-standard port (typically 8080) and make sure your firewall blocks outside access to that port.

Changing to a non-standard port adds a minuscule amount of security, very close to none at all. If it's open, a port scanner will catch it in less than half a second and return a bunch of info on what server is running. – stephenbayer Sep 22 '08 at 19:25

The second part of my answer stated to have the firewall block outside access to that port. The point being you probably don't want to block access to port 80 if you host other web apps. – Haacked Oct 22 '08 at 5:38

Firewall should be enough. But you can use the Listen directive as well.

A firewall will do just fine. But if you won't settle for just a firewall, you can configure Apache to just listen on your loopback device, or tell it to just accept connections from a set of addresses on your LAN. The first method is easier, but that way you can access the web pages only from the machine Apache is running on.

Put a router between you and the internet, and don't forward any ports to your laptop. That way anyone trying to access the laptop hits the router and can't get any further. You can forward ports to your main machine (or just put the main machine in the DMZ) if you need it to be available to incoming connections.
