
I am wondering if there is any additional security increase by choosing to run your webserver on an internal private IP address and port like xyz.ab.cd.efg:8080 versus localhost:8080 or 127.0.0.1:8080.

If so, what does this mitigate against?

For this scenario, let's assume that your webserver is serving some site example.com, and that the policy of the load balancer (which is the only interface for internet traffic routed inside your box) is to only deliver traffic over HTTPS on 443, where once inside your box, local iptables are configured to route the traffic to your local webserver running on {localhost or 127.0.0.1 or xyz.ab.cd.efg}:8080.

1 Answer


I do not think there is any security increase; rather, there would be a security decrease. localhost, or 127.0.0.1, is only accessible from the host computer, i.e. the computer running the web server. A website listening only on 127.0.0.1 would, under normal conditions, never be accessible to any other computer on the private network.

Using a private IP address, you open the webserver to all communications on the private network, and to communications forwarded by the load balancer from the internet to the web server.

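As an added illustration of the answer's point (this is example code, not part of the original question or answer): the script below binds a throwaway TCP listener to each candidate address and probes it from the same host, once through 127.0.0.1 and once through the host's own non-loopback address. The 10.255.255.255 target used to discover that non-loopback address is an assumption of the example, as is the 1-second timeout.

```python
import socket
import threading
from typing import Optional


def _accept_one(listener: socket.socket) -> None:
    # Complete one handshake so the probing client sees a normal connection, then hang up.
    try:
        conn, _ = listener.accept()
        conn.close()
    except OSError:
        pass  # accept timed out or the listener was closed: nothing to do


def reachable_via(bind_addr: str, connect_addr: str) -> bool:
    """Bind a throwaway listener to bind_addr on an ephemeral port and report whether a
    client on this same host can reach it by connecting to connect_addr."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((bind_addr, 0))  # port 0: let the kernel pick a free port
    port = listener.getsockname()[1]
    listener.listen(1)
    listener.settimeout(1.0)  # assumed timeout; keeps the helper thread from hanging
    worker = threading.Thread(target=_accept_one, args=(listener,), daemon=True)
    worker.start()
    try:
        with socket.create_connection((connect_addr, port), timeout=1.0):
            return True
    except OSError:  # ECONNREFUSED (no socket bound to that address), ENETUNREACH, timeout
        return False
    finally:
        listener.close()
        worker.join(timeout=2.0)


def non_loopback_address() -> Optional[str]:
    """Best-effort guess at this host's non-loopback IPv4 address: the source address the
    kernel would choose for an outbound datagram. UDP connect() sends no packet, and the
    10.255.255.255 target is an arbitrary assumption. Returns None when no such route exists."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.connect(("10.255.255.255", 9))
        addr = probe.getsockname()[0]
    except OSError:
        return None
    finally:
        probe.close()
    return None if addr.startswith("127.") else addr


if __name__ == "__main__":
    private_ip = non_loopback_address()
    binds = ["127.0.0.1", "0.0.0.0"] + ([private_ip] if private_ip else [])
    targets = ["127.0.0.1"] + ([private_ip] if private_ip else [])
    for bind in binds:
        for target in targets:
            print(f"bound to {bind:>15}, connect via {target:>15}: {reachable_via(bind, target)}")
```

A listener bound to 127.0.0.1 answers only on 127.0.0.1, one bound to the private address answers only there, and 0.0.0.0 answers on both. Note that on Linux a DNAT from an external interface to 127.0.0.1 only works if net.ipv4.conf.<iface>.route_localnet is enabled, since loopback destinations arriving on other interfaces are otherwise discarded.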
  • Wasn't there some kind of security problem once by running an apache server on localhost, because any machine running apache on their 'localhost' could route into your admin end-points? – user1709076 Oct 15 '20 at 17:51