Only Serve Local Requests

[Andy123]

Hey guys,

 

I want my Apache server to only serve requests that come from me (i.e. 127.0.0.1). I have tried the following:

 

httpd.conf:

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen 127.0.0.1:80
Listen localhost:80
#Listen 80 # Default; works with this uncommented

 

I tried the two Listen entries above and the combinations of the two. It only works for me with the default entry.

 

I updated my virtual host like this:

 

httpd-vhosts.conf:

<VirtualHost 127.0.0.1:80> # This works with *:80 when listening on all IP addresses
ServerName work.dev
DocumentRoot "/my/path"

<Directory "/my/path">
DirectoryIndex index.php
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>

</VirtualHost>

 

hosts:

127.0.0.1 work.dev

 

Does anyone know what I am doing wrong? Yes, I have restarted the Apache server. Thanks!

 

I am using OS X 10.8's built in Apache server.

Edited November 28, 2012 by Andy123

[requinix]

As the comments in that file say, Listen is about what address and port Apache itself listens on. That has absolutely nothing to do with where the user is located.

 

See the "allow from all" in your vhost configuration? Try changing that. Anybody else trying the site will get a 403.

[Andy123]

As the comments in that file say, Listen is about what address and port Apache itself listens on. That has absolutely nothing to do with where the user is located.

 

See the "allow from all" in your vhost configuration? Try changing that. Anybody else trying the site will get a 403.

 

Thank you for your answer, requinix. I am quite the rookie in regards to system administration, so I am afraid that my explanation of what I wanted to do was not very good.

 

What I am looking to do is not to reject other visitors from my web server; rather, I want to not allow them to even establish a connection to the web server or discover it. For instance, say I am on a network at my workplace. I do not want my web server to be public so that anyone else can access it or even know that I am running a web server; it shouldn't communicate with anything outside of my computer. That is why I tried to use "Listen".

 

I see now that my topic was very misleading and I apologize for that.

[requinix]

You're running a web server at work and you don't want anyone to know about it? Sounds awful suspicious.

 

Leave Apache at its defaults and make sure your firewall doesn't allow external connections to port 80 and/or the Apache. Actually, when you first started Apache you may have gotten a notification from Windows' firewall asking whether to allow or block connections.

[Andy123]

I don't have bad intensions because I don't just want no one to know about it, I also want no one to be able to connect to it. If no one can connect to it, no harm is done. ;-) I just thought I would make sure that I don't mess with any networks by running a web server, because I am also around less secure networks. I am on OS X, but I enabled the firewall (disabled as default - strange!), so I hope that helps. I just don't want to cause any trouble, that's the only reason I don't want my server to be out there in the open. I am not good at system or network administration, but I just figured that it was possible that a network admin wouldn't be happy to see that I was hosting a web server on their network. Maybe it's just me being paranoid.

[kicken]

If you make sure the only Listen directive is

Listen 127.0.0.1:80

 

Then that should work to prevent anyone from connecting.  That would cause apache to listen on a socket that only accepts connections from 127.0.0.1.  Setting up appropriate firewall rules would be a good option too.