[GLLUG] apache 1.3
Clay Dowling
clay at lazarusid.com
Mon Dec 26 14:08:19 EST 2005
Caleb Cushing wrote:
> umm... right now my problem is I seem to be blocking apache with
> Iptables. I've posted
> <http://forums.gentoo.org/viewtopic-p-2983253.html#2983253> on my
> distro's forum. here's a copy of my firewall script.
>
> #allow access to the HTTP Server
> $IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT #3
> $IPTABLES -A INPUT --protocol tcp --dport 443 -j ACCEPT

Drop these two lines and nobody will be getting through to Apache. By
default it runs on port 80, and on port 443 if you've enabled secure
service and provided a certificate.

You should verify this with your specific Apache config file though.
The Port and Listen directives collectively define which ports and
addresses you need to block.

It's unlikely though that you would want to put a blanket block on port
80 on your web server. That will prevent any connections to the httpd
service. More likely you would want to block specific interfaces. This
might be better handled by configuration changes in httpd.conf rather
than your firewall. If your machine has multiple addresses, you can
configure Apache to listen only on certain ones (see Listen). If the
service doesn't listen on an interface nobody will be able to make a
connection.

If you really don't want anything seeing a service on port 80, just turn
Apache off. In that case it would just be taking up system resources
that could be put to better uses.

Clay Dowling
--
http://www.lazarusid.com/notes/
Lazarus Notes
Articles and Commentary on Web Development
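
An added example, not part of the original post: a small Python parser that reads the Port, Listen and BindAddress directives from an Apache 1.3 httpd.conf and reports which address:port pairs the main server binds, so the firewall rules can be checked against them. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample httpd.conf for Apache 1.3 (not from the original post).
SAMPLE_CONF = """\
# main server
Port 80
#Listen 8080
Listen 192.168.1.10:80
Listen 443
<VirtualHost 192.168.1.10:80>
    Port 8000
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*(Port|Listen|BindAddress)\s+(\S+)", re.IGNORECASE)

def listening_sockets(conf_text):
    """Return sorted (address, port) pairs the main server would bind to.

    Any Listen directive takes precedence; otherwise the server binds
    BindAddress (default "*") on Port (default 80).
    """
    listens, port, bind, in_vhost = [], 80, "*", False
    for line in conf_text.splitlines():
        stripped = line.strip().lower()
        if stripped.startswith("<virtualhost"):
            in_vhost = True
        elif stripped.startswith("</virtualhost"):
            in_vhost = False
        m = DIRECTIVE.match(line)
        if in_vhost or not m:
            continue  # skip comments, other directives, vhost-scoped settings
        name, value = m.group(1).lower(), m.group(2)
        if name == "port":
            port = int(value)
        elif name == "bindaddress":
            bind = value
        else:  # Listen [address:]port
            addr, _, p = value.rpartition(":")
            listens.append((addr or "*", int(p)))
    return sorted(set(listens)) if listens else [(bind, port)]

def wildcard_ports(sockets):
    """Ports bound on every address; only the firewall limits who reaches them."""
    return sorted(p for addr, p in sockets if addr == "*")

if __name__ == "__main__":
    for addr, p in listening_sockets(SAMPLE_CONF):
        print(f"{addr}:{p}")
```

Ports returned by wildcard_ports are reachable on every interface unless an iptables rule says otherwise; ports bound to a single address are already restricted by Apache itself.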