Old 06-26-2008, 02:29 PM   #1
Registered: Oct 2003
Posts: 68

Rep: Reputation: 15
Allow only local access to apache server

Hi, I am running an apache web server on my ubuntu linux desktop box, just for the purpose of running and testing local web applications. I do not want any computers other than my desktop to have access to the web server.

Is there a way to configure apache or linux networking so it is only possible to access my local web server from the local machine?
Old 06-26-2008, 02:55 PM   #2
Registered: Oct 2007
Posts: 71

Rep: Reputation: 15
You can create an iptables rule that allows http (port 80) access to the local machine only. Iptables works by reading rules in sequential order; once a match is found it stops reading other proceeding rules.

you can have something like this

iptables -A INPUT -t tcp --dport 80 -s localhost -j ACCEPT
iptables -A INPUT -t tcp --dport 80 -j DROP
Old 06-26-2008, 05:56 PM   #3
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
You can tell apache to only listen on the loopback interface:

Search your apache conf file for any Listen parameters and replace *:80 with

Old 06-27-2008, 10:20 AM   #4
Registered: Oct 2003
Posts: 68

Original Poster
Rep: Reputation: 15
Hi Elly,

when I try to do this I get an error:

$ sudo iptables -A INPUT -t tcp --dport 80 -s localhost -j ACCEPT
iptables v1.3.8: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
iptables --help does not include --dport as an option.
Old 07-01-2008, 09:57 PM   #5
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS7
Posts: 267

Rep: Reputation: 58
Try preceding the tcp argument with a -p instead of a -t, as the -t defines what table to use and you don't want that! The --dport should work then.

Your entry -A will ADD or APPEND the rule to the INPUT table. You may want to use -I to INSERT (default is before other rules in that chain). Insert the rule to DROP other --dport 80 before you insert your -s localhost, or insert the DROP rule as the second rule by -I INPUT 2 to put it in the second position.

Maybe like this:

sudo /sbin/iptables -I INPUT -p tcp --dport 80 -s localhost -j ACCEPT
sudo /sbin/iptables -I INPUT 2 -p tcp --dport 80 -j DROP

This puts them at the front of your rules and the first match rocks
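
A way to check the rule order discussed in this thread, as an added example that is not part of any post above: the script walks rules in `iptables -S INPUT` format top to bottom and reports which one decides a TCP port 80 packet from a given source. The rule sets and the address 192.168.1.50 are constructed sample input, and the function names are hypothetical; only -s <ip>/32, -p, --dport and -j are interpreted.

```shell
#!/bin/sh
# Added example (not from the thread). First-match evaluation of rules in
# `iptables -S INPUT` format for a TCP packet to port 80.
# Assumption: only -s <ip>/32, -p, --dport and -j are interpreted.

# verdict SRC_IP (rules on stdin) -> ACCEPT, DROP, ... or POLICY if none match
verdict() {
    src=$1
    while read -r line; do
        rule_src="" proto="" dport="" target="" prev=""
        for word in $line; do
            case $prev in
                -s) rule_src=${word%/32} ;;
                -p) proto=$word ;;
                --dport) dport=$word ;;
                -j) target=$word ;;
            esac
            prev=$word
        done
        [ "$proto" = tcp ] && [ "$dport" = 80 ] && [ -n "$target" ] || continue
        if [ -z "$rule_src" ] || [ "$rule_src" = "$src" ]; then
            echo "$target"      # first match wins; later rules are not read
            return 0
        fi
    done
    echo POLICY                 # nothing matched: the chain policy decides
}

check() { printf '%s\n' "$1" | verdict "$2"; }

# Constructed rule sets (what `iptables -S INPUT` would list).
GOOD_RULES='-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'
# Same two rules, DROP listed first: loopback is blocked as well.
BAD_ORDER='-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 80 -j ACCEPT'
# ACCEPT without -s: every source matches it before the DROP is reached.
NO_SOURCE='-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP'

for src in 127.0.0.1 192.168.1.50; do
    echo "accept-then-drop, from $src: $(check "$GOOD_RULES" "$src")"
    echo "drop-then-accept, from $src: $(check "$BAD_ORDER" "$src")"
    echo "accept without -s, from $src: $(check "$NO_SOURCE" "$src")"
done
```

On a live system the rules can be supplied with `sudo iptables -S INPUT | verdict 192.168.1.50`; a result other than DROP for a non-local address means port 80 is still reachable from the network.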


