PDA

View Full Version : Configuring Apache for local machine only, need to close port 80



deronsizemore
12-21-2005, 01:10 PM
This is kind of a follow up for my other post in this forum about my ISP.

Someone over at SitePoint recommended that I configure apache to only use the localhost address (127.0.0.1) by changing the "Listen" parameter in httpd.conf.

Can anyone explain how this is done or explain what I need to do to close the ports but still be able to use the apache server to test locally?

Westech
12-21-2005, 02:06 PM
When you say "test locally" do you mean that you'll be running your web browser on the same computer that's running apache, or do you mean that you'll be running your web browser on one machine on your local network and connecting to a second machine on your local network that's running apache?

deronsizemore
12-21-2005, 02:38 PM
When you say "test locally" do you mean that you'll be running your web browser on the same computer that's running apache, or do you mean that you'll be running your web browser on one machine on your local network and connecting to a second machine on your local network that's running apache?


Well the only thing I need the apache webserver for is to test like small php scripts and such so I do not have to upload them to my webserver and waste time that way.

So my web browser will be running the same machine as apache

Westech
12-21-2005, 03:05 PM
First, make a backup of your httpd.conf file in case you break something while editing it.

Open httpd.conf and find the line that begins with ServerName. Edit it so that it looks like this:

ServerName 127.0.0.1

Then find the line that begins with Listen and then an IP address or hostname. Edit it to look like this:

Listen 127.0.0.1

If you find a second "Listen" line that designates port 80, leave it alone. It should already read:

Listen 80

As long as the only listen lines in httpd.conf that are not commented out with a # are:

Listen 127.0.0.1
and
Listen 80

Then Apache will only accept connections from your local machine on port 80. Restart apache to make your changes take effect. You can test to see if it worked by typing 127.0.0.1 into your web browser. If it worked you should see a default apache page.

This is all off of the top of my head, but I think it should work. If it doesn't, just restore your original httpd.conf file from your backup and restart apache again and you'll be no worse off than you were before. ;)

If you want to be extra safe, you can also configure your firewall to block INBOUND connections on port 80. Make sure you don't block outbound port 80 or you won't be able to load any external webpages from that computer.

deronsizemore
12-21-2005, 03:56 PM
First, make a backup of your httpd.conf file in case you break something while editing it.

Open httpd.conf and find the line that begins with ServerName. Edit it so that it looks like this:

ServerName 127.0.0.1

Then find the line that begins with Listen and then an IP address or hostname. Edit it to look like this:

Listen 127.0.0.1

If you find a second "Listen" line that designates port 80, leave it alone. It should already read:

Listen 80

As long as the only listen lines in httpd.conf that are not commented out with a # are:

Listen 127.0.0.1
and
Listen 80

Then Apache will only accept connections from your local machine on port 80. Restart apache to make your changes take effect. You can test to see if it worked by typing 127.0.0.1 into your web browser. If it worked you should see a default apache page.

This is all off of the top of my head, but I think it should work. If it doesn't, just restore your original httpd.conf file from your backup and restart apache again and you'll be no worse off than you were before. ;)

If you want to be extra safe, you can also configure your firewall to block INBOUND connections on port 80. Make sure you don't block outbound port 80 or you won't be able to load any external webpages from that computer.


Thanks I'll try it. I haven't actually used it for a while, as I've not needed to. So ever since I got that email from my ISP I've just turned apache off. I'll try this and see how it goes. I appreciate the help!

deronsizemore
01-01-2006, 11:05 AM
Okay, sorry for the delay. But I did what you said and seems to have worked. When I type in 127.0.0.1 in my address bar I see the default apache page. So by seeing this, that should make it look like to my ISP that Port 80 is not open anymore correct?

AndyH
01-01-2006, 07:40 PM
Do you have a firewall?

Block port 80 if you do.

deronsizemore
01-01-2006, 08:02 PM
Yes, I have Kerio Personal Firewall. I've got Apache incoming blocked or "deny" as it is in Kerio, but I don't see anything that actually allows me to block port 80. Are you familiar with that firewall? It's quite good, I just don't see that feature...?

Nerpolllder
10-20-2014, 04:41 PM
I really liked this*information.