want to use apache web server only on local machine
This is a discussion on want to use apache web server only on local machine within the Windows Web Servers forums, part of the Web Server and Related Forums category; This might sound like a dumb question, but I don't know much about security. I installed Apache on my ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-04-2005
|
|||
|
|||
want to use apache web server only on local machine
This might sound like a dumb question, but I don't know much about
security. I installed Apache on my Windows XP computer in order to test my PHP web files locally before uploading to the web server. I'm worried about my computer being more vulnerable to attack now that I am running a web server. Is there a way to configure Apache so that I can only use it to display webpages locally on my machine, but disallow remote users from accessing the webserver? Thank you. |
|
09-04-2005
|
|||
|
|||
|
Re: want to use apache web server only on local machine
Lee wrote: > I installed Apache on my Windows XP computer in order to test my PHP > web files locally before uploading to the web server. I'm worried about > my computer being more vulnerable to attack now that I am running a web > server. Is there a way to configure Apache so that I can only use it to > display webpages locally on my machine, but disallow remote users from > accessing the webserver? Yes. However, in order to stack the odds, you should also disallow access using a firewall, preferably an external box rather than a "software firewall". Thor -- http://www.anta.net/OH2GDF |
|
09-04-2005
|
|||
|
|||
|
Re: want to use apache web server only on local machine
On 3 Sep 2005 17:54:54 -0700, "Lee" <craftystud-idol@yahoo.com> wrote:
>This might sound like a dumb question, but I don't know much about >security. > >I installed Apache on my Windows XP computer in order to test my PHP >web files locally before uploading to the web server. I'm worried about >my computer being more vulnerable to attack now that I am running a web >server. Is there a way to configure Apache so that I can only use it to >display webpages locally on my machine, but disallow remote users from >accessing the webserver? > >Thank you. 1. USE A FIREWALL, filtering port 80 / port 443. I recommend ZoneAlarm 2. modify or add a .htpasswd file to the document root directory Order deny,allow Deny from all Allow from dev.example.com, 127.0.0.1 http://httpd.apache.org/docs/2.0/howto/auth.html -- Terry My blog: http://www.TheNextWindow.com My website: http://www.TerryStockdale.com My tip site and newsletter: http://www.TerrysComputerTips.com |
|
09-06-2005
|
|||
|
|||
|
Re: want to use apache web server only on local machine
Lee wrote:
> This might sound like a dumb question, but I don't know much about > security. > > I installed Apache on my Windows XP computer in order to test my PHP > web files locally before uploading to the web server. I'm worried about > my computer being more vulnerable to attack now that I am running a web > server. Is there a way to configure Apache so that I can only use it to > display webpages locally on my machine, but disallow remote users from > accessing the webserver? It should be enough to bind Apache only to the loopback connector ie. localhost. Just adding this directive should suffice, if you also make sure you don't have Listen directives for other IPs: Listen 127.0.0.1 |
|
09-07-2005
|
|||
|
|||
|
Re: want to use apache web server only on local machine
Thanks for all your replies. I just realized that it will be cumbersome
to test whether the settings work or not b/c I don't have a second computer and internet connection to use to check the access to my webserver. I have a dsl connection, so I suppose I could try using a dial up modem to test it (will it work if I use the same computer but a different internet connection?). BTW, I'm wondering what is considered a more secure way of doing it - using the "Listen" directive? or the "Order/Deny/Allow" directive? Thanks. |
|
09-08-2005
|
|||
|
|||
|
Re: want to use apache web server only on local machine
Lee wrote:
> Thanks for all your replies. I just realized that it will be cumbersome > to test whether the settings work or not b/c I don't have a second > computer and internet connection to use to check the access to my > webserver. I have a dsl connection, so I suppose I could try using a > dial up modem to test it (will it work if I use the same computer but a > different internet connection?). You might go to one of the web sites that offer a "port scan" service e.g. Steve Gibson's "Shields Up" (http://www.grc.com/default.htm). > BTW, I'm wondering what is considered a more secure way of doing it - > using the "Listen" directive? or the "Order/Deny/Allow" directive? Listen is more secure, I'm sure. It allows you to control what ports are open on what IP addresses. Using Order/Deny/Allow the port will be open, but specific client IPs would be allowed or blocked. I think it would be harder to get past a closed port than a software check. Of course, you could do both. -- Jim Patterson Ottawa, Ont CANADA |
Linear Mode
