LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-08-2014, 09:28 PM   #1
lahirushanaka
Member
 
Registered: Oct 2012
Posts: 46

Rep: Reputation: Disabled
Question Apache port


Hi,

Is it possible to run apache only with https (443) and block port 80, then it is only work with https, can we configure Vhost only with https ? if it is possible, how can i do it ? is that okay to block port 80 from firewall, then hackers cant scan http headers.

realy i dont have adia of this can some one help me to resolve this

Last edited by lahirushanaka; 08-08-2014 at 09:31 PM.
 
Old 08-09-2014, 02:33 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
Absolutely, you would simply remove any "Listen" directives in your httpd.conf (or included file) which references that port number.
 
Old 08-09-2014, 03:03 AM   #3
lahirushanaka
Member
 
Registered: Oct 2012
Posts: 46

Original Poster
Rep: Reputation: Disabled
Thanks friend for infor, I will try this, one of our security staff scan our live server and send me a report with all the allow ports, services and version of the services, they are taking that infor reading by http header. so if i block that port they will not be able to read http header, Am I correct ?
 
Old 08-09-2014, 05:03 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
No, if they establish an HTTPS session the same information would be given to them, just over a secure connection. Really depends what they actually foudn as to how to deal with it.
 
Old 08-09-2014, 05:58 AM   #5
zer0python
Member
 
Registered: Sep 2003
Posts: 104

Rep: Reputation: 20
Quote:
Thanks friend for infor, I will try this, one of our security staff scan our live server and send me a report with all the allow ports, services and version of the services, they are taking that infor reading by http header. so if i block that port they will not be able to read http header, Am I correct ?
Having worked briefly in the security field before, one of the things you may be looking for, is the ServerName directive.
Take a look at http://www.nsa.gov/ia/_files/os/redh...guide-i731.pdf Section 3.16.3 on some things they may be scanning to check.

Also, here's some commands you can use to check your HTTP server.

Check headers over normal HTTP.
Quote:
~[sodapipe]$ echo -e "HEAD / HTTP/1.0\n" | nc google.com 80
HTTP/1.0 200 OK
Date: Sat, 09 Aug 2014 10:53:34 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=3748450eed14ffa7:FF=0:TM=1407581614:LM=1407581614:S=SIZQN1zZPkLb3MQ0; expires=Mon, 08-Aug-2016 10:53:34 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=QEG71pNBaJJseXj6oNEorg-JyfJHGdyKy5AZgor23RI77Q1iI9DPw8UVxRJ0O--VLdhdqHeCs7A6HXIR0NW8BGfml8neQOJs_Zpzfm7H7PiUYuNuiLV91G_3_Pc97Bcx; expires=Sun, 08-Feb-2015 10:53:34 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accoun...&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 80:quic
Check headers over SSL
Quote:
~[sodapipe]$ openssl s_client -connect google.com:443
HEAD / HTTP/1.0

HTTP/1.0 200 OK
Date: Sat, 09 Aug 2014 10:57:14 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=d2086ac119d0d435:FF=0:TM=1407581834:LM=1407581834:S=3mkNHWG9heO1ad-C; expires=Mon, 08-Aug-2016 10:57:14 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=KJ0nAv8yhNsuZo_7-w6AsBppSS4zGr_OUNSYHTRlcyn9pWRdx9oivJ1s00D5fiH07UlJSs0_aA5GxoF52QLO5ImeMTnz8U4bGwRk_vPAXJH48Srw5iL-58RxzP4EsNym; expires=Sun, 08-Feb-2015 10:57:14 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accoun...&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 443:quic

read:errno=0
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
running apache on different port than 80 dlugasx Linux - Server 2 09-02-2012 06:21 AM
Define Apache New Port fbgp2000 Linux - Networking 9 05-22-2010 07:56 AM
Configuring Automatic Redirects from port 80 to port 443 with bundled Apache server kaplan71 Fedora 1 12-28-2007 08:30 AM
If i change my apache port 80 to another port, can this affect google listings? Doomhammer Linux - Networking 4 03-16-2007 08:41 AM
changing Apache port GabeF Linux - Networking 5 10-07-2002 03:13 PM


All times are GMT -5. The time now is 04:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration