[GLLUG] apache 1.3

Clay Dowling clay at lazarusid.com
Mon Dec 26 14:08:19 EST 2005


Caleb Cushing wrote:

> Umm... right now my problem is I seem to be blocking Apache with 
> iptables. I've posted 
> <http://forums.gentoo.org/viewtopic-p-2983253.html#2983253> on my 
> distro's forum. Here's a copy of my firewall script.

> #allow access to the HTTP Server
> $IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT                  #3
> $IPTABLES -A INPUT --protocol tcp --dport 443 -j ACCEPT

Drop these two lines and nobody will be getting through to Apache.  By 
default it runs on port 80, and on port 443 if you've enabled secure 
service and provided a certificate.

You should verify this with your specific Apache config file though. 
The Port and Listen directives collectively define which ports and 
addresses you need to block.

It's unlikely though that you would want to put a blanket block on port 
80 on your web server.  That will prevent any connections to the httpd 
service.  More likely you would want to block specific interfaces.  This 
might be better handled by configuration changes in httpd.conf rather 
than your firewall.  If your machine has multiple addresses, you can 
configure Apache to listen only on certain ones (see Listen).  If the 
service doesn't listen on an interface nobody will be able to make a 
connection.

If you really don't want anything seeing a service on port 80, just turn 
Apache off.  In that case it would just be taking up system resources 
that could be put to better uses.

Clay Dowling
-- 
http://www.lazarusid.com/notes/
Lazarus Notes
Articles and Commentary on Web Development
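
The check suggested in the reply above (compare what Apache is configured to listen on with what the firewall script accepts), as an added example that is not part of the original message. The sample httpd.conf and firewall text are constructed, the function names are hypothetical, and "listening but not accepted" only means blocked if the script's default INPUT policy drops traffic, which the quoted excerpt does not show.

```python
import re

# Constructed httpd.conf excerpt (Apache 1.3 style), not from the original post.
SAMPLE_HTTPD_CONF = """\
Port 80
Listen 192.168.1.10:8080
Listen 443
#Listen 8443
"""

# Constructed firewall excerpt modelled on the two rules quoted in the thread.
SAMPLE_FIREWALL = """\
#allow access to the HTTP Server
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT   #3
$IPTABLES -A INPUT --protocol tcp --dport 443 -j ACCEPT
"""

def apache_listeners(conf_text):
    """Return the set of (address, port) pairs the config asks Apache to bind."""
    listens, port = set(), 80          # 80 is the default when Port is absent
    for raw in conf_text.splitlines():
        m = re.match(r"\s*(Listen|Port)\s+(\S+)", raw, re.IGNORECASE)
        if not m:
            continue                   # comments and other directives
        name, value = m.group(1).lower(), m.group(2)
        if name == "port":
            port = int(value)
        else:
            addr, _, p = value.rpartition(":")
            listens.add((addr or "*", int(p)))
    # Apache 1.3: once any Listen is present, Port no longer selects the bind port.
    return listens or {("*", port)}

def accepted_tcp_ports(script_text):
    """Return destination ports opened by '-A INPUT ... --dport N -j ACCEPT' lines."""
    ports = set()
    for raw in script_text.splitlines():
        rule = raw.split("#", 1)[0]    # drop full-line and trailing comments
        m = re.search(r"--dport\s+(\d+)", rule)
        if m and "-A INPUT" in rule and re.search(r"-j\s+ACCEPT", rule):
            ports.add(int(m.group(1)))
    return ports

def compare(conf_text, script_text):
    """Return (listening but not accepted, accepted but not listening)."""
    listening = {p for _, p in apache_listeners(conf_text)}
    opened = accepted_tcp_ports(script_text)
    return sorted(listening - opened), sorted(opened - listening)

if __name__ == "__main__":
    blocked, unused = compare(SAMPLE_HTTPD_CONF, SAMPLE_FIREWALL)
    print("listening but not accepted:", blocked)
    print("accepted but nothing listening:", unused)
```

In the constructed sample the Listen lines take precedence over Port 80, so the port 80 rule opens a port nothing is bound to, while the 8080 listener has no matching ACCEPT rule.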

