Jump to content

Only Serve Local Requests


Andy123

Recommended Posts

Hey guys,

 

I want my Apache server to only serve requests that come from me (i.e. 127.0.0.1). I have tried the following:

 

httpd.conf:

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 127.0.0.1:80
Listen localhost:80
#Listen 80 # Default; works with this uncommented

 

I tried the two Listen entries above and the combinations of the two. It only works for me with the default entry.

 

I updated my virtual host like this:

 

httpd-vhosts.conf:

<VirtualHost 127.0.0.1:80> # This works with *:80 when listening on all IP addresses
ServerName work.dev
DocumentRoot "/my/path"

<Directory "/my/path">
DirectoryIndex index.php
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>

</VirtualHost>

 

hosts:

127.0.0.1 work.dev

 

Does anyone know what I am doing wrong? Yes, I have restarted the Apache server. ;) Thanks!

 

I am using OS X 10.8's built in Apache server.

Edited by Andy123
Link to comment
Share on other sites

As the comments in that file say, Listen is about what address and port Apache itself listens on. That has absolutely nothing to do with where the user is located.

 

See the "allow from all" in your vhost configuration? Try changing that. Anybody else trying the site will get a 403.

Link to comment
Share on other sites

As the comments in that file say, Listen is about what address and port Apache itself listens on. That has absolutely nothing to do with where the user is located.

 

See the "allow from all" in your vhost configuration? Try changing that. Anybody else trying the site will get a 403.

 

Thank you for your answer, requinix. I am quite the rookie in regards to system administration, so I am afraid that my explanation of what I wanted to do was not very good.

 

What I am looking to do is not to reject other visitors from my web server; rather, I want to not allow them to even establish a connection to the web server or discover it. For instance, say I am on a network at my workplace. I do not want my web server to be public so that anyone else can access it or even know that I am running a web server; it shouldn't communicate with anything outside of my computer. That is why I tried to use "Listen".

 

I see now that my topic was very misleading and I apologize for that.

Link to comment
Share on other sites

You're running a web server at work and you don't want anyone to know about it? Sounds awful suspicious.

 

Leave Apache at its defaults and make sure your firewall doesn't allow external connections to port 80 and/or the Apache. Actually, when you first started Apache you may have gotten a notification from Windows' firewall asking whether to allow or block connections.

Link to comment
Share on other sites

I don't have bad intensions because I don't just want no one to know about it, I also want no one to be able to connect to it. If no one can connect to it, no harm is done. ;-) I just thought I would make sure that I don't mess with any networks by running a web server, because I am also around less secure networks. I am on OS X, but I enabled the firewall (disabled as default - strange!), so I hope that helps. I just don't want to cause any trouble, that's the only reason I don't want my server to be out there in the open. I am not good at system or network administration, but I just figured that it was possible that a network admin wouldn't be happy to see that I was hosting a web server on their network. Maybe it's just me being paranoid. :)

Link to comment
Share on other sites

If you make sure the only Listen directive is

Listen 127.0.0.1:80

 

Then that should work to prevent anyone from connecting.  That would cause apache to listen on a socket that only accepts connections from 127.0.0.1.  Setting up appropriate firewall rules would be a good option too.

 

 

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.