Secure Apache for local-only use!
December 31, 2005 7:03 PM
ApacheFilter: I want to run Apache on my PC for testing purposes. I would like to be able to be connected to the internet when I do this, safe in the knowledge that I'm not leaving myself exposed. I only want myself to be able to access my stuff, from the local machine. How do I configure Apache to do this? I'm on WinXP Pro, running Apache 2.0.55.
I tried editing the httpd.conf file to listen to 127.0.0.1:80, but that meant Apache couldn't start. I've tried Googling, but all the articles seem to be about securing Apache when you want other people to be able to access your stuff, which is explicitly what I don't want.
I should note that I have Apache, PHP and MySQL all playing nicely together, so it's not a case of Apache not running. I'd just like to secure it so only I can use it from my machine, and use the internet at the same time. Thanks in advance for your help!
Response by poster: When I tried to run Apache after applying the changes to the httpd.conf (listen to 127.0.0.1:80), the error was simply that the service couldn't start.
Shields Up! showed that 80 wasn't open, so if that's the case then am I free to assume that everything is ok by default?
posted by djgh at 7:14 PM on December 31, 2005
You should be OK, are you running firewalls or behind a router? Please paste the entire error message from a log, since about the only thing I would guess at this point is that 127.0.0.1 isn't resolving properly or something (not experienced with Apache on Windows).
posted by kcm at 7:17 PM on December 31, 2005
Response by poster: I've got a firewall and a router.
I believe this would be the relevant part:
[Sat Dec 31 18:50:27 2005] [warn] (OS 995)The I/O operation has been aborted because of either a thread exit or an application request. : winnt_accept: Asynchronous AcceptEx failed.
[Sat Dec 31 18:50:28 2005] [notice] Child 2332: Released the start mutex
[Sat Dec 31 18:50:29 2005] [notice] Child 2332: Waiting for 250 worker threads to exit.
[Sat Dec 31 18:50:29 2005] [notice] Child 2332: All worker threads have exited.
[Sat Dec 31 18:50:29 2005] [notice] Child 2332: Child process is exiting
[Sat Dec 31 18:50:54 2005] [warn] pid file C:/Program Files/Apache Group/Apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
After undoing my editing in the Listen section, everything works fine. Further Googling revealed this, but trying what they suggested (only difference being changing the server name - currently localhost) didn't work either.
posted by djgh at 7:28 PM on December 31, 2005
You had:
Listen 80
ServerName 127.0.0.1:80
in your .conf?
posted by kcm at 7:33 PM on December 31, 2005
Response by poster: Yes, and that would appear to have been the problem. Deleting the :80, and setting listen to 127.0.0.1 and listen 80 worked (i.e. Apache started). So now that will do what I want it to? (Plus as you point out 80 is closed by default anyway, so that should be safe)
posted by djgh at 7:37 PM on December 31, 2005
If a portscan comes up empty and/or there's protection in the middle as I mentioned, enjoy!
You can always check your access/error logs every once in a while, but they should be emptier than Phil Hellmuth's tact.
posted by kcm at 7:43 PM on December 31, 2005
If you want to make sure it's only bound to the local interface, run "netstat -ano" or use something like TCPView to make sure it's really listening on 127.0.0.1:80 and not 0.0.0.0:80.
posted by Rhomboid at 7:44 PM on December 31, 2005
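The binding check suggested above, as an added example that is not part of the original thread: it parses `netstat -ano` output and reports any listener on port 80 that is not bound to a loopback address. The sample output, PIDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed samples of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_LOCAL_ONLY = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     3120
  UDP    0.0.0.0:445            *:*                                    4
"""

SAMPLE_WILDCARD = """\
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1820
  TCP    [::]:80                [::]:0                 LISTENING       1820
"""


def listeners(netstat_text, port):
    """Return (address, pid) for every TCP socket in LISTENING state on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows and headers are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::]:80 intact.
        addr, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append((addr.strip("[]"), int(fields[4])))
    return found


def exposed(netstat_text, port=80):
    """Listeners on `port` that other hosts can reach (not bound to loopback)."""
    return [
        (addr, pid)
        for addr, pid in listeners(netstat_text, port)
        if not ipaddress.ip_address(addr.split("%")[0]).is_loopback
    ]


if __name__ == "__main__":
    for name, text in (("local-only", SAMPLE_LOCAL_ONLY), ("wildcard", SAMPLE_WILDCARD)):
        print(name, "->", exposed(text) or "port 80 is loopback-only")
```

An empty result from `exposed()` corresponds to seeing only 127.0.0.1:80 in the listing; any entry it returns is a socket bound to 0.0.0.0, `::` or a routable interface address.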
Response by poster: kcm - thanks!
Rhomboid - TCPView appeared to show that it's alright, so I think I'm set.
posted by djgh at 7:57 PM on December 31, 2005
This thread is closed to new comments.
posted by kcm at 7:09 PM on December 31, 2005