I just got a raspberry pi for Christmas and I have just installed apache, php and all the required stuff to host my website. I want to use my raspberry pi as a web server for my website. I obviously need to port forward! Apache is running on port 80 how safe is it to forward port 80? I want to know if I port forward is my whole Wi-Fi now under threat from hackers ? If I am hacked, what can they compromise ? And finally I heard about changing the apache port to stop malicious bot port scanners, can I just change my port from 80 to anything or are there only certain ports ?
Thanks, Jamie
The thing is: if you want people's web browser to access your web app, it needs to be on standard ports (80 or 443 for HTTPS). You'll need to redirect connections to ports 80 and/or 443 on your raspberry pi ' local ip in the configuration of your router.
If you want to isolate your raspberry pi from the rest of your local network and that your router allow it, consider putting it in a dmz
Even if you were to redirect on a custom ports later to be listened to by Apache, it wouldn't change much in such a case. If you want to secure your server, there is several other options to consider (fail2ban, firewall rules, etc).
Last: from personal experience, raspberry pis make good web servers to experiment with. Have a lot of nerdy fun
Related
I am trying to run an ubuntu apache server on Google cloud platform, I have created the VM instances but I can't connect to any other port apart for from 80 and 22.
Here are all the things I've tried so far:
Created Firewall rules to allow ingress traffic to ports 21,20 and 443.
Created FireWall rules on the Ubuntu Machine itself
The only ports that seem to be open are the 80 and 22.
I also allowed both HTTP and HTTPS access in the VM settings
So Basically, what I am trying to do is to open ports on my server. I'm not sure what am doing wrong.
You have already installed apache, and it's running on the port 80 as you can see on the nmap test, a closed port just mean that there's no application running on that port, this is different to filtered, see this for more information, this confirms that your firewall rules are correct (you are allowing traffic from all sources 0.0.0.0/0). By now you should be able to access your website on the port 80, if not I suggest you to follow this GCP guide.
So, if you want to run apache on the port 443 you just need to change its configuration (basically you will need to get a certificate for your server, configure some related parameters and then create a virtualhost listening on the 443 port, there are many guides on the internet for this just google for "enable https apache [your_OS]"), that should be enough since the firewall rules on GCP and your instance appear to be properly configured.
I am using WAMP with Apache 2.4.9 on Windows 8 64 bits.
I've set up port forwarding (for port 80) on my router and set up a static IP to my computer on my network.
I can access my website from my computer and from my network. But I cannot access it externally by typing my IP on the browser URL Bar.
I believe my ISP is blocking port 80 or preventing me to host a web server. How can I avoid such blocking?
There are a number of things that can catch you out while doing this, here are a few I know about.
You are entering your WAN ip address on a browser inside your router
Your ISP is actually blocking port 80
You are in some kind of compound/apartment block and your internet comes through a central entry point and therefore you are behind another router.
You are entering your WAN ip address on a browser inside your router
Most SOHO routers do not have the required technology i.e. loopback, to allow you to use your WAN ip address inside your router. SOLUTION: Tests should be done from outside you router i.e. Go out and use a friends internet connection to see if you can access your site, or use your phone while connected to the ISP network and not your own wifi.
Your ISP is actually blocking port 80
You can test this by changing the port number that your router is forwwarding to the PC's port 80. To do this do something like this:
Change your routers Port forwarding so that incoming port 8080 is forwarded to you local PC's port 80.
Now again use a internet connection outside your local network or your phones ISP network, and try connection to YOURIP:8080/
You are in some kind of compound/apartment block and your internet comes through a central entry point and therefore you are behind your router and another central router that you have no control over.
You can normally tell this is the case if your routers WAN ip addres is in one of these ranges i.e. a Private Network Address
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
If this is the case, you are probably not going to be able to get around this to your satisfaction. While whoever looks after this central router may claim they are not blocking port 80, of course by virtue of how a router work they are, they are just not actively blocking it. Even if you could get them to Port Forward their routers port 80 to yours, it would only ever work for you, so if 2 people wanted to do this they could not do that without adding some extra hardware to their network, and that is unlikely.
WARNING
You will see lots of advice on the web suggesting that changing this section of your httpd.conf file may cause Apache to allow you to access it from anywhere:
<Directory />
AllowOverride none
Require all denied
</Directory>
This section should not be changed from the above i.e. totally disallow any access.
The <Directory /> refers to the root directory of the drive that Apache is installed on.
The recomended mechanism of securing an Apache instance is to disallow any and all access to the root folder and all its subfolders, which the above syntax does. You then specifically Allow access only to the folders that Apache actually requires access to, which by default in WAMPServer should be done in this section:
<Directory "d:/wamp/www/">
...
</Directory>
Or in the Virtual Host definitions for each hosted site.
If you change the above to Require all allowed what you are saying is: If I get hacked, allow the hacker total access to all the folders on this drive. On unix this may not actually be so terrible as the basic ethos of unix is nobody can access anything unless authorised, so other security mechanisms may well stop access to any folder on the drive. But on Windows where the basic ethos is its your PC you can do anything you like with it this can be highly dangerous, and offers hackers a handy attack vector i.e. Apache and once they compromise Apache, this would basically give away the Crown Jewels very easily.
Some isp's will block to prevent you from hosting. You might check with an online port scanner to see if your port 80 is a tually open and forwarding. If you know your setup is right and that your ISP is indeed blocking, you can always port forward a different port and configure apache to listen on that different port.
i use OSX Mavericks that has built in Apache. I need to give access to a local website on my machine to someone , i did this many times before by enabling web sharing , opening port 80 for my local ip on the router and then by giving my is ip the website was live on the internet. Problem now is that i use the wifi connection from a friend and i cannot ask him for the router pass to open 80 as i am sure that he will not understand and maybe he even change the wifi pass. i checked the ports on the router and there are some open ports, i was wondering is it possible to change apache settings so it will listen to another port and then make the website publick by giving again my isp ip? i tried to nano httpd.conf and change Listen 80 to Listen 12345 (for example) so i thought that if my ip is 55.666.45.155 and i type 55.666.45.155:12345 my website will popup but it doesn't work.
Is this possible to do somehow?
I'm using xampp as a testing host, but I want to be able to access it from anywhere. currently I can access it through localhost only, and through lan by typing my local ip, but not by typing my external ip from anywhere. I tried setting up apache vhosts, but I'm not sure what to put there, examples online aren't very clear, and I don't even know if it works. so if someone could give me a heads up, I'd appreciate!
Log into your router and set up port forwarding to your computer with xampp on it. You probably want to forward port 80 (default for http) to your computer's LAN IP. Then you should be able to access your xampp setup over the Internet by going to your external IP address.
first you need to make sure the incoming traffic on port 80 is not blocked by your firewall or ISP - see this video demo
then you need to configure your Router to forward:
incoming requests to your External IP port 80 towards your Internal IP port 80 - video demo here
and finally test if port open - see this demo
I installed Apache with WAMP. I want to make my computer as a server for my web page for make some experiment on my web site.But I can`t open my server in Internet. I can see it in http://localhost/mysite/index.html but when I try to reach it in another computer like http://myserverip/mysite/index.html it says server not responding. I am using wireless router and also forwarded to my LAN ip.
A few ideas:
check that apache is bound to your PC's internal IP rather than just localhost - run netstat -an and verify that you have local address 0.0.0.0:80 not 127.0.0.1:80
check that you're definitely forwarding port 80 from the router to your PC
check that you're not firewalling off the traffic, i.e. make sure there's an exception in the windows firewall for port 80 (and 443 if you're using HTTPS), or a program exception for httpd, or even try turning off the firewall temporarily whilst debugging this
find out if your ISP is blocking this - some won't let you run web servers from your home connection; you could try a different web port to see if that helps?
try connecting from some other machine - there could be some proxy configuration that's upsetting looping back into your PC