5

How can I make it that my local Apache installation works only as http://localhost/ and never from outside like using the IP of my machine when connected to a network please?

Francisc
  • 143
  • 1
  • 3
  • 11

4 Answers4

6

Could try:
order deny,allow
allow from 127.0.0.1
deny from all

in a .htaccess file. - I use a similar setup to allow an external website to allow all access from our office IP, but ask for a password from any other.

4

Change your current "Listen" line to "Listen 127.0.0.1:80"

http://httpd.apache.org/docs/current/mod/mpm_common.html#listen

cagenut
  • 4,808
  • 2
  • 23
  • 27
  • Can I add that in an .htaccess file? If so, can it just be used for some folders to allow access to some and in the root htdocs to disallow all? – Francisc Mar 30 '11 at 18:23
  • No thats a for-the-whole-server setting. What it does is tell the server to only even allow connections from localhost. – cagenut Mar 30 '11 at 18:34
  • How could I do that folder based so to speak. And just move or copy the .htaccess where I want. – Francisc Mar 30 '11 at 18:40
2

The easiest way would be to block ports 80 and 443 in the firewall for the machine that is hosting Apache. This would make external requests get blocked at the firewall.

Jay
  • 86
  • 1
  • 1
    That would work, but I'd much rather do it by .htaccess or httpd.conf if possible so that it's easier to allows / disallow people or even just allow some folders at given times etc. – Francisc Mar 30 '11 at 18:20
  • 1
    @Francisc : Doing this in httpd.conf will also provide an additional layer of protection in case iptables are accidentally disabled or mangled. You should still use iptables regardless, because then you have explicit control over which ports are open to the outside. – Stefan Lasiewski Mar 30 '11 at 19:05
  • I see. And it's a fair point, but when I need someone on the network to take a look and give him a link I don't want to have to ask him for his IP. The .htaccess solution would be ideal for my particular case. – Francisc Mar 30 '11 at 19:07
2

Some of this is borrowed from httpd.apache.org/docs/2.2/misc/security_tips.htm.

Add the following to httpd.conf :

  1. Restrict access to everything by default. This is from "Protect Server Files by Default":

    <Directory /> 
    Order Deny,Allow 
    Deny from all 
    </Directory>
    
  2. Then, allow access only in those areas you wish. In this example, /var/www/html is my DocumentRoot:

    DocumentRoot "/var/www/html"
    <Directory /var/www/html/> 
    Order Deny,Allow 
    Allow from 127.0.0.1 
    </Directory>
    
Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184