Allow only local access to apache server

monkeyman2000 · 06-26-2008, 02:29 PM

Hi, I am running an apache web server on my ubuntu linux desktop box, just for the purpose of running and testing local web applications. I do not want any computers other than my desktop to have access to the web server.

Is there a way to configure apache or linux networking so it is only possible to access my local web server from the local machine?

eliufoo · 06-26-2008, 02:55 PM

you can create an iptable rule that allows http (port 80) access to the local machine only. Iptables works by reading rules in sequantial order, once match is found it stops reading other proceeding rules.

you can have something like this

Quote:

iptables -A INPUT -t tcp --dport 80 -s localhost -j ACCEPT
iptables -A INPUT -t tcp --dport 80 -j DROP

regards,

msound · 06-26-2008, 05:56 PM

You can tell apache to only listen on the loopback interface: 127.0.0.1

Search your apache conf file for any Listen parameters and replace *:80 with 127.0.0.1:80

Cheers!

monkeyman2000 · 06-27-2008, 10:20 AM

Hi Elly,

when I try to do this I get an error:

Code:

$ sudo iptables -A INPUT -t tcp --dport 80 -s localhost -j ACCEPT
iptables v1.3.8: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

iptables --help does not include --dport as an option.

david1941 · 07-01-2008, 09:57 PM

Try preceding the tcp argument with a -p instead of a -t as the the -t defines what table to use and you don't want that! the --dport should work then.

Your entry -A will ADD or APPEND the rule to the INPUT table. You may want to -I to INSERT (default is before other rules in that chain). Insert the rule to DROP other --dport 80 before you insert your -s localhost or insert the DROP rule as the second rule by -I INPUT 2 to put it in the second position.

Maybe like this:

sudo /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo /sbin/iptables -I INPUT 2 -p tcp --dport 80 -j DROP

This puts them at the front of your rules and the first match rocks

Dave