Mac Config Newbie question

I want to shut off my root directory so that hackers pinging random ip
addresses won't receive a response, but allow access to files in my home
directory.

For example:
http://***.***.***.***/ ->No error page, no index page, nothing.
http://***.***.***.***/myUserName/ ->normal response
How can I do that?

I can write a cgi and alter the config file, though it's mostly
gibberish to me and I'm only a little unix savvy.

Can anybody help?

"Jim B." <jayspame@comcast.net> wrote in
news:NNudnTyHZ8hadanbnZ2dnUVZ_rylnZ2d@comcast.com:

>
> I want to shut off my root directory so that hackers pinging random ip
> addresses won't receive a response, but allow access to files in my
home
> directory.
>
> For example:
> http://***.***.***.***/ ->No error page, no index page, nothing.
> http://***.***.***.***/myUserName/ ->normal response
> How can I do that?
>
> I can write a cgi and alter the config file, though it's mostly
> gibberish to me and I'm only a little unix savvy.
>
> Can anybody help?
>

Yes, you can. But, http://***.***.***.***/ does not automatically point
to your root folder. It points to whatever you have set as the
DocumentRoot in your http.conf file. Simply point it to
c:/..../myUserName/

If you really want to do it your way simply put no files into your
DocumentRoot, be sure DirectoryIndex is turned off, then create a sub
folder of your DocumentRoot named myUserName

Then make sure all the permissions allow reading to your new folder.






--

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Mark <mtaylor*@*lrim.com> wrote in news:1177873953_59209
@sp6iad.superfeed.net:

> "Jim B." <jayspame@comcast.net> wrote in
> news:NNudnTyHZ8hadanbnZ2dnUVZ_rylnZ2d@comcast.com:
>
>>
>> I want to shut off my root directory so that hackers pinging random ip
>> addresses won't receive a response, but allow access to files in my
> home
>> directory.
>>
>> For example:
>> http://***.***.***.***/ ->No error page, no index page, nothing.
>> http://***.***.***.***/myUserName/ ->normal response
>> How can I do that?
>>
>> I can write a cgi and alter the config file, though it's mostly
>> gibberish to me and I'm only a little unix savvy.
>>
>> Can anybody help?
>>
>
> Yes, you can. But, http://***.***.***.***/ does not automatically point
> to your root folder. It points to whatever you have set as the
> DocumentRoot in your http.conf file. Simply point it to
> c:/..../myUserName/
>
> If you really want to do it your way simply put no files into your
> DocumentRoot, be sure DirectoryIndex is turned off, then create a sub
> folder of your DocumentRoot named myUserName
>
> Then make sure all the permissions allow reading to your new folder.
>
>
>
>
>
>

Oh, and that won't stop the pings. It will simply not show any files. If
you want to stop the pings you have to firewall the ICMP packets. Are you
using DSL and a NAT'd router? It's one of the settings.




--

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

In article <NNudnTyHZ8hadanbnZ2dnUVZ_rylnZ2d@comcast.com>,
"Jim B." <jayspame@comcast.net> wrote:

> For example:
> http://***.***.***.***/ ->No error page, no index page, nothing.
> http://***.***.***.***/myUserName/ ->normal response
> How can I do that?


as far as I can tell, Apache is not able to make no response to a
request. Even if no response body is sent by the server, the HTTP
headers are transmitted.
To do what you want to do, you'll have to use an application firewall
(aka. layer 7 firewall), or a sophisticated proxy.

patpro

--
http://www.patpro.net/

I'm using a D-Link router which does NAT. Maybe I was a little sloppy
using the word "ping," what I want to stop is requests on port 80 to the
web server's root directory. When I look at my log files, I get a lot
of people asking for the root index page, and when they get a response,
they start running a bunch of scripts looking for vulnerabilities. They
fill up the log and waste cpu cycles dealing with them and I'd like to
remain invisible to those type of people if possible while still serving
pages to people I give my home url to. It seems like this would be a
very common problem since so many people are on cable and they must all
be dealing with the same annoyance, though they might not be aware of it.

patpro ~ Patrick Proniewski wrote:
> In article <NNudnTyHZ8hadanbnZ2dnUVZ_rylnZ2d@comcast.com>,
> "Jim B." <jayspame@comcast.net> wrote:
>
>> For example:
>> http://***.***.***.***/ ->No error page, no index page, nothing.
>> http://***.***.***.***/myUserName/ ->normal response
>> How can I do that?
>
>
> as far as I can tell, Apache is not able to make no response to a
> request. Even if no response body is sent by the server, the HTTP
> headers are transmitted.
> To do what you want to do, you'll have to use an application firewall
> (aka. layer 7 firewall), or a sophisticated proxy.
>
> patpro
>

In article <op-dnWJlEPSDEKvbnZ2dnUVZ_jKdnZ2d@comcast.com>,
"Jim B." <jayspame@comcast.net> wrote:

> I'm using a D-Link router which does NAT. Maybe I was a little sloppy
> using the word "ping," what I want to stop is requests on port 80 to the
> web server's root directory. When I look at my log files, I get a lot
> of people asking for the root index page, and when they get a response,
> they start running a bunch of scripts looking for vulnerabilities. They
> fill up the log and waste cpu cycles dealing with them and I'd like to
> remain invisible to those type of people if possible while still serving
> pages to people I give my home url to. It seems like this would be a
> very common problem since so many people are on cable and they must all
> be dealing with the same annoyance, though they might not be aware of it.

it's a very common annoyance, if you really want to avoid this, you can
switch your apache to another port (8080 for example, or whatever suits
you). Your only limitation is that you'll have to give the port number
along with the URL, say http://your-ip:8080/your-home/ so that people
can see your web site.

patpro

--
http://www.patpro.net/