I have a bit of a janky setup configured in an attempt to create a little test website that I can navigate to from a source external to my network. I'm working with a dynamic IP address which obviously isn't ideal, but this page isn't meant to be viewed by anyone. I'm using DuckDNS to route to my WAN IP, and that allows me to quickly update the dynamicIP that duckDNS points to in a flash when my Dynamic IP refreshes. I have ports 80 and 443 forwarded on my router to route to my webserver IP. I have apache configured to listen on ports 80 and 443.
I can hit the website internally from my computer and phone (when its on the network), but when I attempt to hit the site from an external source, I get 408s. I'm still a little new to apache, so I'm trying to see what I've missed here? What's weird is that I see the 408s in the access.log - so wouldn't that mean the attempt is at least making it to the webserver?
Related
As a newbie set up mediawiki in apache httpd on my linux pc. In the corresponding .conf file "require all granted'" is set. The pc was assigned static IP 192.168.0.2 by the router. The port 80 of the pc is opened for any device. I visited http://192.168.0.2/mediawiki/index.php from the host. It worked as expected. Now I tried to visit the same address from my android phone connected to the same network and I was presented with the message "127.0.0.1 refused to connect" by chrome. I noticed that the part http://192.168.0.2 had been replaced by https://127.0.0.1 in the address bar. The same thing also occurred on Firefox on my phone. I can still visit http://192.168.0.2 from my phone and it works just fine. So what is happening here and how to solve this problem?
EDIT: The problem is solved. Mediawiki has this LocalSettings.php file which gets automatically created during installation. It contains a field "$wgServer" which is the "The protocol and server name to use in fully-qualified URLs" as shown in the documentation. This value was automatically set to "http://127.0.0.1" during the installation. Thereby whenever I was trying to connect to mediawiki from my phone I was actually getting redirected to that same phone. I changed the value to "http://192.168.0.2" and now everything is working fine!
Looks like something happened at the connection from your mobile phone to the pc hosting the web server.
Your configuration looks fine even tho you provided almost no details at all: according to your description, I suspect the problem is on your phone or on your router because the domain and url switched from 192.168.0.2 to 127.0.0.1 and the protocol switched from http to https.
You should try the same test from another pc connected to the same network.
You can have a better understanding of what's happening, testing the connection from command line using curl:
$ curl -v http://192.168.0.2/mediawiki/index.php
The output will give you some details of what's going on if the redirect was requested by the webserver or not.
My guess is that your apache is configured to listen to 127.0.0.1 or localhost (it's the default). Open httpd.conf or your virtual host configuration file and look for Listen. Here's some snippets from the official documentation:
The Listen directive tells the server to accept incoming requests only on the specified port(s) or address-and-port combinations. If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.
For example, to make the server accept connections on both port 80 and port 8000, on all interfaces, use:
Listen 80
Listen 8000
To make the server accept connections on port 80 for one interface, and port 8000 on another, use
Listen 192.0.2.1:80
Listen 192.0.2.5:8000
More information at
https://httpd.apache.org/docs/2.4/bind.html
I am using WAMP with Apache 2.4.9 on Windows 8 64 bits.
I've set up port forwarding (for port 80) on my router and set up a static IP to my computer on my network.
I can access my website from my computer and from my network. But I cannot access it externally by typing my IP on the browser URL Bar.
I believe my ISP is blocking port 80 or preventing me to host a web server. How can I avoid such blocking?
There are a number of things that can catch you out while doing this, here are a few I know about.
You are entering your WAN ip address on a browser inside your router
Your ISP is actually blocking port 80
You are in some kind of compound/apartment block and your internet comes through a central entry point and therefore you are behind another router.
You are entering your WAN ip address on a browser inside your router
Most SOHO routers do not have the required technology i.e. loopback, to allow you to use your WAN ip address inside your router. SOLUTION: Tests should be done from outside you router i.e. Go out and use a friends internet connection to see if you can access your site, or use your phone while connected to the ISP network and not your own wifi.
Your ISP is actually blocking port 80
You can test this by changing the port number that your router is forwwarding to the PC's port 80. To do this do something like this:
Change your routers Port forwarding so that incoming port 8080 is forwarded to you local PC's port 80.
Now again use a internet connection outside your local network or your phones ISP network, and try connection to YOURIP:8080/
You are in some kind of compound/apartment block and your internet comes through a central entry point and therefore you are behind your router and another central router that you have no control over.
You can normally tell this is the case if your routers WAN ip addres is in one of these ranges i.e. a Private Network Address
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
If this is the case, you are probably not going to be able to get around this to your satisfaction. While whoever looks after this central router may claim they are not blocking port 80, of course by virtue of how a router work they are, they are just not actively blocking it. Even if you could get them to Port Forward their routers port 80 to yours, it would only ever work for you, so if 2 people wanted to do this they could not do that without adding some extra hardware to their network, and that is unlikely.
WARNING
You will see lots of advice on the web suggesting that changing this section of your httpd.conf file may cause Apache to allow you to access it from anywhere:
<Directory />
AllowOverride none
Require all denied
</Directory>
This section should not be changed from the above i.e. totally disallow any access.
The <Directory /> refers to the root directory of the drive that Apache is installed on.
The recomended mechanism of securing an Apache instance is to disallow any and all access to the root folder and all its subfolders, which the above syntax does. You then specifically Allow access only to the folders that Apache actually requires access to, which by default in WAMPServer should be done in this section:
<Directory "d:/wamp/www/">
...
</Directory>
Or in the Virtual Host definitions for each hosted site.
If you change the above to Require all allowed what you are saying is: If I get hacked, allow the hacker total access to all the folders on this drive. On unix this may not actually be so terrible as the basic ethos of unix is nobody can access anything unless authorised, so other security mechanisms may well stop access to any folder on the drive. But on Windows where the basic ethos is its your PC you can do anything you like with it this can be highly dangerous, and offers hackers a handy attack vector i.e. Apache and once they compromise Apache, this would basically give away the Crown Jewels very easily.
Some isp's will block to prevent you from hosting. You might check with an online port scanner to see if your port 80 is a tually open and forwarding. If you know your setup is right and that your ISP is indeed blocking, you can always port forward a different port and configure apache to listen on that different port.
i use OSX Mavericks that has built in Apache. I need to give access to a local website on my machine to someone , i did this many times before by enabling web sharing , opening port 80 for my local ip on the router and then by giving my is ip the website was live on the internet. Problem now is that i use the wifi connection from a friend and i cannot ask him for the router pass to open 80 as i am sure that he will not understand and maybe he even change the wifi pass. i checked the ports on the router and there are some open ports, i was wondering is it possible to change apache settings so it will listen to another port and then make the website publick by giving again my isp ip? i tried to nano httpd.conf and change Listen 80 to Listen 12345 (for example) so i thought that if my ip is 55.666.45.155 and i type 55.666.45.155:12345 my website will popup but it doesn't work.
Is this possible to do somehow?
Here is my situation. I have a LAN at home, behind a regular router.
I have my server on 192.168.0.9, on this I have bind9 running, apache2 on port 80. Tomcat on port 8082 and another tomcat on port 8083.
I have successfully setup bind so that when I am inside my LAN I can enter:
app1.mylan.com Apache will reverse proxy this to app1.mylan.com:8082 and it shows in the browser as app1.mylan.com
Same goes for app2. (i.e. app2.mylan.com -> app2.mylan.com)
However, my router has dynamic dns setup.
How can I reach app1.mylan.com via dynamic dns. I've tried setting up a URL redirect with my DNS provider (even enabling cloaking)
but what happens is that in the browser, the apache server tries to serve up the content as if it was on port 80, and I get a 404.
It's as if the reverse proxy is not working due to the dyn dns.
Can this be done with dynamic dns???
Many thanks,
Kevin.
Yes, it certainly can be done. But it will require a few things and your description is a bit vague so I'll give you a fairly generic answer:
For it to work, every DNS entry for your zone must be changed to point to your external (dynamically changing) IP address. So when your router gets a new external address, you'll need to have dynamic DNS change the content of your zone to reflect this. You haven't said how you're doing this, but it sounds like you have it working. But if you're just running bind on your internal LAN and only changing it there, it won't work. If you own, for example, "mylan.com" then you need to tell ".com" that your name server has changed addresses too and that the authority has moved. It is unlikely you can do that change in an automated fashion. Instead, you'll likely need an external DNS provider for "mylan.com" that you can update without changing the registered NS records for mylan.com itself.
But to make it worse, if you have your internal LAN behind a NATing router (which is why you have 192.168....) then you need to tell the NAT box to do forwarding as well. Your NAT box will need to forward everything coming in to its address on port 53 (UDP and TCP both) to your internal box for DNS, and everything to port 80 to your internal box. And possibly 8082 and 8083 as well, but if you have the proxying set up properly this shouldn't be necessary.
I have apache installed listening to 8888, and port 8888 oppened, due the fact that 80 and 8080 are blocked by my ISP. I have no firewalls running.
The page hosted on my computer, works from some proxies like http://www.webproxyonline.info/ for example, but doesnt work from some others, like zend2.com.
I also tested to access the page from 2 dedicated servers that I own, but without success. I can ping my computer IP, but when I type wget myip:8888 i get nothing.
I also tried to run the code file_get_contents('http://myip:8888'); but no success too.
What can be causing this problem?
thanks.
UPDATED: PROBLEM SOLVED.
The problem is that the firewall CSF on my dedicated server was blocking outgoing traffic to my ip.... I just added my ip to the alloed list...
Um, if you're actually binding localhost (that is, 127.0.0.1), then it shouldn't be accessible from other machines. That's how localhost works. You need to bind a actual external IP address for your machine.