Jump to content


Photo

Only Serve Local Requests


  • Please log in to reply
5 replies to this topic

#1 Andy123

Andy123

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDenmark

Posted 28 November 2012 - 03:57 AM

Hey guys,

I want my Apache server to only serve requests that come from me (i.e. 127.0.0.1). I have tried the following:

httpd.conf:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 127.0.0.1:80
Listen localhost:80
#Listen 80 # Default; works with this uncommented

I tried the two Listen entries above and the combinations of the two. It only works for me with the default entry.

I updated my virtual host like this:

httpd-vhosts.conf:
<VirtualHost 127.0.0.1:80> # This works with *:80 when listening on all IP addresses
ServerName work.dev
DocumentRoot "/my/path"

<Directory "/my/path">
DirectoryIndex index.php
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>

</VirtualHost>

hosts:
127.0.0.1 work.dev

Does anyone know what I am doing wrong? Yes, I have restarted the Apache server. ;) Thanks!

I am using OS X 10.8's built in Apache server.

Edited by Andy123, 28 November 2012 - 03:59 AM.

Blogging about PHP and other programming related subjects at CodingExplained.com.

#2 requinix

requinix

    Transforming Moderator

  • Moderators
  • 6,152 posts
  • LocationWA

Posted 28 November 2012 - 04:54 AM

As the comments in that file say, Listen is about what address and port Apache itself listens on. That has absolutely nothing to do with where the user is located.

See the "allow from all" in your vhost configuration? Try changing that. Anybody else trying the site will get a 403.

#3 Andy123

Andy123

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDenmark

Posted 28 November 2012 - 02:14 PM

As the comments in that file say, Listen is about what address and port Apache itself listens on. That has absolutely nothing to do with where the user is located.

See the "allow from all" in your vhost configuration? Try changing that. Anybody else trying the site will get a 403.


Thank you for your answer, requinix. I am quite the rookie in regards to system administration, so I am afraid that my explanation of what I wanted to do was not very good.

What I am looking to do is not to reject other visitors from my web server; rather, I want to not allow them to even establish a connection to the web server or discover it. For instance, say I am on a network at my workplace. I do not want my web server to be public so that anyone else can access it or even know that I am running a web server; it shouldn't communicate with anything outside of my computer. That is why I tried to use "Listen".

I see now that my topic was very misleading and I apologize for that.
Blogging about PHP and other programming related subjects at CodingExplained.com.

#4 requinix

requinix

    Transforming Moderator

  • Moderators
  • 6,152 posts
  • LocationWA

Posted 28 November 2012 - 02:46 PM

You're running a web server at work and you don't want anyone to know about it? Sounds awful suspicious.

Leave Apache at its defaults and make sure your firewall doesn't allow external connections to port 80 and/or the Apache. Actually, when you first started Apache you may have gotten a notification from Windows' firewall asking whether to allow or block connections.

#5 Andy123

Andy123

    Advanced Member

  • Members
  • PipPipPip
  • 134 posts
  • LocationDenmark

Posted 28 November 2012 - 05:06 PM

I don't have bad intensions because I don't just want no one to know about it, I also want no one to be able to connect to it. If no one can connect to it, no harm is done. ;-) I just thought I would make sure that I don't mess with any networks by running a web server, because I am also around less secure networks. I am on OS X, but I enabled the firewall (disabled as default - strange!), so I hope that helps. I just don't want to cause any trouble, that's the only reason I don't want my server to be out there in the open. I am not good at system or network administration, but I just figured that it was possible that a network admin wouldn't be happy to see that I was hosting a web server on their network. Maybe it's just me being paranoid. :)
Blogging about PHP and other programming related subjects at CodingExplained.com.

#6 kicken

kicken

    Wiser? Not exactly.

  • Gurus
  • 2,714 posts
  • LocationBonita, FL

Posted 29 November 2012 - 12:21 AM

If you make sure the only Listen directive is
Listen 127.0.0.1:80

Then that should work to prevent anyone from connecting.  That would cause apache to listen on a socket that only accepts connections from 127.0.0.1.  Setting up appropriate firewall rules would be a good option too.



Recycle your old CD's, don't trash them!
Did I help you out?  Feeling generous? I accept tips via Paypal or Bitcoin @ 14mDxaob8Jgdg52scDbvf3uaeR61tB2yC7




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com