
apache security for intranet: "listen 80" vs. "listen 127.0.0.1:8

Status
Not open for further replies.

pulper

Programmer
Aug 18, 2006
2
CA
hi everyone:

i just started with apache and am using it for an intranet to host a calendar for everyone in our small office.

i cannot get apache to start if i list in the ports.conf file (ubuntu) the ip address of the network computers followed by the port (for example 192.168.0.101:80). i get an error which i cannot remember right now (am on a computer away from work).

however, if i use "listen 80", then i can access the apache server from another computer.

if i use "listen 80", am i opening the server to the internet? this is something that i want to avoid, which is why i wanted to list the ip addresses specifically.

thanks,

paul
 
The Listen directive tells Apache on which ports on which locally-defined IP addresses to listen for connections.

If you tell Apache:

Listen 80

Then Apache will listen for connections on port 80 on every IP address configured on the server itself.


If you specify an IP address:

Listen 192.168.0.101:80

Then you are telling Apache to listen on port 80 only for those connections arriving at that IP address on the server. The IP address specified must be configured on the server for this version of the directive to work.


So, going to the subject line of this thread, if you specify:

Listen 127.0.0.1:80

then you have directed Apache to listen on port 80 only on the localhost port. This will lock out everyone not on the server itself, as 127.0.0.1 is localhost.


If you want to lock down your site so that Apache will only accept connections from certain IP addresses, you need to look at the Order directive.


Whether or not the outside world will be able to get to your server depends on many things. First, the router at your border with the internet must have a static IP mapping from a routable IP address to an address on your server (this is because you seem to be using 192.168.x.x non-routable addresses in your network). Second, your built-into-the-kernel Linux firewall must allow these connections to arrive at the system. Third, Apache must be listening on that locally-defined IP address to which the static map points. Fourth, your Order, Deny and Allow statements must allow connections from the outside world.



Want the best answers? Ask the best questions! TANSTAAFL!
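
An added example, not part of the original thread: a shell sketch of the Listen rules described in the answer above. It classifies each Listen directive in a config file as binding every local address, loopback only, one configured address, or an address the server does not hold and so cannot bind. The function names, the sample file and the server address 192.168.0.5 are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample data are assumptions.

# classify_listen ARG LOCAL_ADDRS
#   ARG         argument of one Listen directive ("80", "192.168.0.101:80")
#   LOCAL_ADDRS space-separated addresses configured on this server
classify_listen() {
    arg=$1
    local_addrs=$2
    case $arg in
        *:*) addr=${arg%:*} ;;                  # text before the last colon
        *)   echo "all-addresses"; return 0 ;;  # bare port: every local address
    esac
    addr=${addr#\[}; addr=${addr%\]}            # unwrap a bracketed IPv6 literal
    case $addr in
        0.0.0.0|::) echo "all-addresses"; return 0 ;;
        127.*|::1)  echo "loopback-only"; return 0 ;;
    esac
    for a in $local_addrs; do
        if [ "$a" = "$addr" ]; then
            echo "single-address"; return 0
        fi
    done
    echo "not-local"   # the server does not own this address, so no bind
}

# audit_listen FILE LOCAL_ADDRS: print "ARG CLASS" for each Listen line.
audit_listen() {
    # Directive names are case-insensitive; commented-out lines are skipped.
    grep -iE '^[[:space:]]*listen[[:space:]]' "$1" |
    while read -r kw arg rest; do
        printf '%s %s\n' "$arg" "$(classify_listen "$arg" "$2")"
    done
}

# Constructed sample: the server is assumed to own 192.168.0.5, while
# 192.168.0.101 belongs to another machine on the LAN.
sample=$(mktemp)
printf 'Listen 80\nListen 127.0.0.1:8080\nListen 192.168.0.101:80\n' > "$sample"
audit_listen "$sample" "192.168.0.5"
rm -f "$sample"
```

On a live server, pass the path to ports.conf and the addresses printed by `hostname -I`; a `not-local` result means the directive names an address that has to be replaced with one the server itself holds.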
 