[GLLUG] apache 1.3

Caleb Cushing xenoterracide at gmail.com
Mon Dec 26 14:10:56 EST 2005


Um... Clay, those 2 lines tell my firewall to accept all incoming packets on
port 80. If I delete them I won't be able to even browse the web, and I
shouldn't be blocking anything outgoing... unless I'm wrong...

On 12/26/05, Clay Dowling <clay at lazarusid.com> wrote:
>
> Caleb Cushing wrote:
>
> > umm... right now my problem is I seem to be blocking apache with
> > Iptables. I've posted
> > <http://forums.gentoo.org/viewtopic-p-2983253.html#2983253> on my
> > distro's forum. here's a copy of my firewall script.
>
> > #allow access to the HTTP Server
> > $IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT  #3
> > $IPTABLES -A INPUT --protocol tcp --dport 443 -j ACCEPT
>
> Drop these two lines and nobody will be getting through to Apache.  By
> default it runs on port 80, and on port 443 if you've enabled secure
> service and provided a certificate.
>
> You should verify this with your specific Apache config file though.
> The Port and Listen directives collectively define which ports and
> addresses you need to block.
>
> It's unlikely though that you would want to put a blanket block on port
> 80 on your web server.  That will prevent any connections to the httpd
> service.  More likely you would want to block specific interfaces.  This
> might be better handled by configuration changes in httpd.conf rather
> than your firewall.  If your machine has multiple addresses, you can
> configure Apache to listen only on certain ones (see Listen).  If the
> service doesn't listen on an interface nobody will be able to make a
> connection.
>
> If you really don't want anything seeing a service on port 80, just turn
> Apache off.  In that case it would just be taking up system resources
> that could be put to better uses.
>
> Clay Dowling
> --
> http://www.lazarusid.com/notes/
> Lazarus Notes
> Articles and Commentary on Web Development
>



--
The 10 commandments of Network Administration (www.newsforge.org)
I. Thou shalt make regular and complete backups
II. Thou shalt establish absolute trust in thy servers
III. Thou shalt be the first to know when something goes down
IV. Thou shalt keep server logs on everything
V. Thou shalt document complete and effective policies and procedures
VI. Thou shalt know what cable goes where
VII. Thou shalt use encryption for insecure services
VIII. Thou shalt not lose system logs when a server dies
IX. Thou shalt know the openings into your servers
X. Thou shalt not waste time doing repetitive and mundane tasks
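
Added example, not part of the original message or either poster's script: a shell check that follows the advice quoted above to verify the firewall rules against the Apache config, by listing the ports named in `Port`/`Listen` directives and comparing them with the `--dport` values accepted on INPUT. The function names and the sample httpd.conf fragment are constructed for illustration; the two firewall rules are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Ports from Apache "Port N" and "Listen [addr:]N" directives, read on stdin.
apache_ports() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        tolower($1) == "port"   { print $2 }
        tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }
    ' | sort -nu
}

# --dport values of "-A INPUT ... -j ACCEPT" rules, read on stdin.
fw_accept_ports() {
    awk '
        /^[ \t]*#/ { next }
        /-A INPUT/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
        }
    ' | sort -nu
}

# Compare two newline-separated port lists: $1 = Apache, $2 = firewall.
check_ports() {
    for p in $1; do
        echo "$2" | grep -qx "$p" || echo "listening but not accepted: $p"
    done
    for p in $2; do
        echo "$1" | grep -qx "$p" || echo "accepted but no listener: $p"
    done
}

sample_conf() {   # constructed httpd.conf fragment
    cat <<'EOF'
Port 80
Listen 192.168.1.10:80
Listen 8080
EOF
}

sample_fw() {     # the two rules quoted in the thread
    cat <<'EOF'
#allow access to the HTTP Server
$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT #3
$IPTABLES -A INPUT --protocol tcp --dport 443 -j ACCEPT
EOF
}

check_ports "$(sample_conf | apache_ports)" "$(sample_fw | fw_accept_ports)"
```

On a real host, pipe the actual httpd.conf and firewall script into the two extractor functions instead of the samples.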