Bob Hauck <postmaster@localhost.localdomain> addressed the congregation thusly:

>
> Or read this about the Allow and Deny directives:
>

This was the advice I was going to give.

I run apache bound to 0.0.0.0:80 and let it listen on that port. I have my router
forwarding port80 to the webserver, so sites can be seen from outside.

BUT... I have admin pages locked down using ALLOW/DENY so that they're only
available from within my LAN. I also have quite a number of virtual sites so that
people can only access them via FQDN.

And yes, if someone tries sniffing the IP on port80 or bringing up the default
index page, they get a somewhat nasty surprise.

Richard: I can send you some example configs if you get stuck.