LinuxQuestions.org
Old 06-26-2008, 03:29 PM   #1
monkeyman2000
Member
 
Registered: Oct 2003
Posts: 68

Rep: Reputation: 15
Allow only local access to apache server


Hi, I am running an Apache web server on my Ubuntu Linux desktop box, just for the purpose of running and testing local web applications. I do not want any computers other than my desktop to have access to the web server.

Is there a way to configure Apache or Linux networking so it is only possible to access my local web server from the local machine?
 
Old 06-26-2008, 03:55 PM   #2
eliufoo
Member
 
Registered: Oct 2007
Posts: 71

Rep: Reputation: 15
You can create an iptable rule that allows http (port 80) access to the local machine only. Iptables works by reading rules in sequential order; once a match is found it stops reading other proceeding rules.

You can have something like this:

Quote:
iptables -A INPUT -t tcp --dport 80 -s localhost -j ACCEPT
iptables -A INPUT -t tcp --dport 80 -j DROP
Regards,
 
Old 06-26-2008, 06:56 PM   #3
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
You can tell apache to only listen on the loopback interface: 127.0.0.1

Search your apache conf file for any Listen parameters and replace *:80 with 127.0.0.1:80

Cheers!
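
A check to go with the Listen change described in the post above, added here as an example and not part of the original thread: it reads Apache configuration text and lists every Listen directive that is not bound to a loopback address. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit Apache Listen directives for non-loopback binds.
# nonlocal_listens reads configuration text on stdin and prints
# "<line number>: Listen <address:port>" for each directive that would
# accept connections from other machines. No output means loopback only.
nonlocal_listens() {
    awk '
        # Directive names are case-insensitive. Commented-out lines never
        # match: their first field starts with "#".
        tolower($1) != "listen" { next }
        {
            addr = $2
            # "Listen 80" has no address part, so every interface is bound.
            if (addr !~ /:/) { print NR ": Listen " $2; next }
            # Drop the trailing ":port", leaving the address ("[::1]" for IPv6).
            sub(/:[0-9]+$/, "", addr)
            # Loopback addresses: 127.0.0.0/8 and ::1.
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (addr == "[::1]") next
            print NR ": Listen " $2
        }
    '
}

# Constructed sample configuration (not taken from a real server).
sample_conf() {
    cat <<'EOF'
# constructed sample
Listen 127.0.0.1:80
Listen 80
listen *:8080
Listen [::1]:80
Listen 0.0.0.0:443 https
#Listen 192.168.1.10:80
Listen 192.168.1.10:8081
EOF
}

sample_conf | nonlocal_listens
```

Feed it the concatenated contents of every file your Apache build loads, since a single leftover `Listen 80` in an included file is enough to expose the server again.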
 
Old 06-27-2008, 11:20 AM   #4
monkeyman2000
Member
 
Registered: Oct 2003
Posts: 68

Original Poster
Rep: Reputation: 15
Hi Elly,

When I try to do this I get an error:

Code:
$ sudo iptables -A INPUT -t tcp --dport 80 -s localhost -j ACCEPT
iptables v1.3.8: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
iptables --help does not include --dport as an option.
 
Old 07-01-2008, 10:57 PM   #5
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS6
Posts: 267

Rep: Reputation: 57
Try preceding the tcp argument with a -p instead of a -t, as the -t defines what table to use and you don't want that! The --dport should work then.

Your entry -A will ADD or APPEND the rule to the INPUT table. You may want to use -I to INSERT (default is before other rules in that chain). Insert the rule to DROP other --dport 80 before you insert your -s localhost, or insert the DROP rule as the second rule by -I INPUT 2 to put it in the second position.

Maybe like this:

sudo /sbin/iptables -I INPUT -p tcp --dport 80 -s localhost -j ACCEPT
sudo /sbin/iptables -I INPUT 2 -p tcp --dport 80 -j DROP

This puts them at the front of your rules and the first match rocks

Dave
 
  

