How can I make it that my local Apache installation works only as http://localhost/ and never from outside like using the IP of my machine when connected to a network please?
Asked
Active
Viewed 2.0k times
4 Answers
6
Could try:
order deny,allow
allow from 127.0.0.1
deny from all
in a .htaccess file. - I use a similar setup to allow an external website to allow all access from our office IP, but ask for a password from any other.
Chris Kaufmann
- 141
- 2
-
Hm, I'll give that a go. I suppose I can set the root to only take localhost and set `all` for allow if I want to allow acces to /myfolder/ ? – Francisc Mar 30 '11 at 18:47
-
1I just tried that and it worked for a sub-folder. – Chris Kaufmann Mar 30 '11 at 19:01
-
I've written this in the .htaccess and it's giving a 500.
Order deny,allow Deny from all Allow from 127.0.0.1 – Francisc Mar 30 '11 at 19:13 -
1@Francisc : Look for the error in the ErrorLog. That may provide more information on why you are receiving a 500 error. – Stefan Lasiewski Mar 31 '11 at 18:19
-
1I'm no expert on .htaccess, but not sure you need the
directives at all. Should work recursively without it. – Chris Kaufmann Mar 31 '11 at 18:21 -
Oh but you are, that was it. Thank you. I feel safer now. :) – Francisc Mar 31 '11 at 20:52
4
Change your current "Listen" line to "Listen 127.0.0.1:80"
http://httpd.apache.org/docs/current/mod/mpm_common.html#listen
cagenut
- 4,808
- 2
- 23
- 27
-
Can I add that in an .htaccess file? If so, can it just be used for some folders to allow access to some and in the root htdocs to disallow all? – Francisc Mar 30 '11 at 18:23
-
No thats a for-the-whole-server setting. What it does is tell the server to only even allow connections from localhost. – cagenut Mar 30 '11 at 18:34
-
How could I do that folder based so to speak. And just move or copy the .htaccess where I want. – Francisc Mar 30 '11 at 18:40
2
The easiest way would be to block ports 80 and 443 in the firewall for the machine that is hosting Apache. This would make external requests get blocked at the firewall.
Jay
- 86
- 1
-
1That would work, but I'd much rather do it by .htaccess or httpd.conf if possible so that it's easier to allows / disallow people or even just allow some folders at given times etc. – Francisc Mar 30 '11 at 18:20
-
1@Francisc : Doing this in httpd.conf will also provide an additional layer of protection in case iptables are accidentally disabled or mangled. You should still use iptables regardless, because then you have explicit control over which ports are open to the outside. – Stefan Lasiewski Mar 30 '11 at 19:05
-
I see. And it's a fair point, but when I need someone on the network to take a look and give him a link I don't want to have to ask him for his IP. The .htaccess solution would be ideal for my particular case. – Francisc Mar 30 '11 at 19:07
2
Some of this is borrowed from httpd.apache.org/docs/2.2/misc/security_tips.htm.
Add the following to httpd.conf :
Restrict access to everything by default. This is from "Protect Server Files by Default":
<Directory /> Order Deny,Allow Deny from all </Directory>Then, allow access only in those areas you wish. In this example,
/var/www/htmlis my DocumentRoot:DocumentRoot "/var/www/html" <Directory /var/www/html/> Order Deny,Allow Allow from 127.0.0.1 </Directory>
Stefan Lasiewski
- 22,949
- 38
- 129
- 184