Hosting a Website at home - apache

I am using WAMP with Apache 2.4.9 on Windows 8 64 bits.
I've set up port forwarding (for port 80) on my router and set up a static IP to my computer on my network.
I can access my website from my computer and from my network. But I cannot access it externally by typing my IP on the browser URL Bar.
I believe my ISP is blocking port 80 or preventing me to host a web server. How can I avoid such blocking?

There are a number of things that can catch you out while doing this, here are a few I know about.
You are entering your WAN ip address on a browser inside your router
Your ISP is actually blocking port 80
You are in some kind of compound/apartment block and your internet comes through a central entry point and therefore you are behind another router.
You are entering your WAN ip address on a browser inside your router
Most SOHO routers do not have the required technology i.e. loopback, to allow you to use your WAN ip address inside your router. SOLUTION: Tests should be done from outside you router i.e. Go out and use a friends internet connection to see if you can access your site, or use your phone while connected to the ISP network and not your own wifi.
Your ISP is actually blocking port 80
You can test this by changing the port number that your router is forwwarding to the PC's port 80. To do this do something like this:
Change your routers Port forwarding so that incoming port 8080 is forwarded to you local PC's port 80.
Now again use a internet connection outside your local network or your phones ISP network, and try connection to YOURIP:8080/
You are in some kind of compound/apartment block and your internet comes through a central entry point and therefore you are behind your router and another central router that you have no control over.
You can normally tell this is the case if your routers WAN ip addres is in one of these ranges i.e. a Private Network Address
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
If this is the case, you are probably not going to be able to get around this to your satisfaction. While whoever looks after this central router may claim they are not blocking port 80, of course by virtue of how a router work they are, they are just not actively blocking it. Even if you could get them to Port Forward their routers port 80 to yours, it would only ever work for you, so if 2 people wanted to do this they could not do that without adding some extra hardware to their network, and that is unlikely.
WARNING
You will see lots of advice on the web suggesting that changing this section of your httpd.conf file may cause Apache to allow you to access it from anywhere:
<Directory />
AllowOverride none
Require all denied
</Directory>
This section should not be changed from the above i.e. totally disallow any access.
The <Directory /> refers to the root directory of the drive that Apache is installed on.
The recomended mechanism of securing an Apache instance is to disallow any and all access to the root folder and all its subfolders, which the above syntax does. You then specifically Allow access only to the folders that Apache actually requires access to, which by default in WAMPServer should be done in this section:
<Directory "d:/wamp/www/">
...
</Directory>
Or in the Virtual Host definitions for each hosted site.
If you change the above to Require all allowed what you are saying is: If I get hacked, allow the hacker total access to all the folders on this drive. On unix this may not actually be so terrible as the basic ethos of unix is nobody can access anything unless authorised, so other security mechanisms may well stop access to any folder on the drive. But on Windows where the basic ethos is its your PC you can do anything you like with it this can be highly dangerous, and offers hackers a handy attack vector i.e. Apache and once they compromise Apache, this would basically give away the Crown Jewels very easily.

Some isp's will block to prevent you from hosting. You might check with an online port scanner to see if your port 80 is a tually open and forwarding. If you know your setup is right and that your ISP is indeed blocking, you can always port forward a different port and configure apache to listen on that different port.

Related

What am I missing with this Apache setup? Getting 408s in the access.log

I have a bit of a janky setup configured in an attempt to create a little test website that I can navigate to from a source external to my network. I'm working with a dynamic IP address which obviously isn't ideal, but this page isn't meant to be viewed by anyone. I'm using DuckDNS to route to my WAN IP, and that allows me to quickly update the dynamicIP that duckDNS points to in a flash when my Dynamic IP refreshes. I have ports 80 and 443 forwarded on my router to route to my webserver IP. I have apache configured to listen on ports 80 and 443.
I can hit the website internally from my computer and phone (when its on the network), but when I attempt to hit the site from an external source, I get 408s. I'm still a little new to apache, so I'm trying to see what I've missed here? What's weird is that I see the 408s in the access.log - so wouldn't that mean the attempt is at least making it to the webserver?

Port Forwarding for web hosting

I just got a raspberry pi for Christmas and I have just installed apache, php and all the required stuff to host my website. I want to use my raspberry pi as a web server for my website. I obviously need to port forward! Apache is running on port 80 how safe is it to forward port 80? I want to know if I port forward is my whole Wi-Fi now under threat from hackers ? If I am hacked, what can they compromise ? And finally I heard about changing the apache port to stop malicious bot port scanners, can I just change my port from 80 to anything or are there only certain ports ?
Thanks, Jamie
The thing is: if you want people's web browser to access your web app, it needs to be on standard ports (80 or 443 for HTTPS). You'll need to redirect connections to ports 80 and/or 443 on your raspberry pi ' local ip in the configuration of your router.
If you want to isolate your raspberry pi from the rest of your local network and that your router allow it, consider putting it in a dmz
Even if you were to redirect on a custom ports later to be listened to by Apache, it wouldn't change much in such a case. If you want to secure your server, there is several other options to consider (fail2ban, firewall rules, etc).
Last: from personal experience, raspberry pis make good web servers to experiment with. Have a lot of nerdy fun

Assign different port than 80 for Apache

i use OSX Mavericks that has built in Apache. I need to give access to a local website on my machine to someone , i did this many times before by enabling web sharing , opening port 80 for my local ip on the router and then by giving my is ip the website was live on the internet. Problem now is that i use the wifi connection from a friend and i cannot ask him for the router pass to open 80 as i am sure that he will not understand and maybe he even change the wifi pass. i checked the ports on the router and there are some open ports, i was wondering is it possible to change apache settings so it will listen to another port and then make the website publick by giving again my isp ip? i tried to nano httpd.conf and change Listen 80 to Listen 12345 (for example) so i thought that if my ip is 55.666.45.155 and i type 55.666.45.155:12345 my website will popup but it doesn't work.
Is this possible to do somehow?

Apache: how can I access my webpage from a computer outside my network?

I want to access my webpage from a computer outside the network. Our network has IPs like 192.168.0.1-192.168.0.255. The network is connected to Internet through a local gateway 192.168.0.1 and gets to DNS server 193.xxx.xxx.xxx.
Let's say my computer has the IP 192.168.0.50. How can I my website from my server (Apache) from a computer which is not from our network (let's say 254.231.52.xxx)?
Thank you!
Short answer:
The solution to this would be to find out the 'external IP' of your router and enable a port forwarding for port 80 and 443 to your local IP.
Long answer:
The Internet is divided into 'public' and 'private' IP spaces. Private IPs are usually not directly accessible from a 'public' IP.
The IPs from the 192.168.0.1-255 are from one of these private subnets.
Your router (at home) usually has multiple IPs. One or more from your local private network (192.168.0.X) and one from your local ISP (I guess something like 193.xxx.xxx.xxx because your DNS is in that network) which is from the 'public' space.
To connect to your computer with the private IP from a public IP like the mentioned 254.231.52.xxx you would have to connect to the public IP of your router (the 193... one). You would also have to enable a mechanism that is called 'port forwarding'. This effectivley takes all internet traffic arriving at the public IP of your router on the forwarded ports and transfers it to the private IP you configured the forwarding to.
E.g. 254.231.52.. -> 193...:80 -> 192.168...:80
Usually home routers have a configuration page where you can do this.
The required ports you would probably use are 80 (http) and 443 (https).
Another possibility is using so called http-proxies which are also usually supported as a configuration option one home routers. You should refer to the manual of your router for configuration instructions of this.
What you need is to identify your home computer from the whole internet in order to access from outside.
This tutorial can help you
http://kyokasuigetsu25.wordpress.com/2011/01/21/how-to-access-localhost-of-computers-outside-the-network/
But if you only have plain html files ( css, js too ) you could use Dropbox and share your sites folder. This way you could be working locally and files would be synced to your public folder
Hope it helps
If you have sufficient privilege to configure the router (on the gateway machine), then you can use "port forwarding" to do that.
Go to your router settings and configure it so that it forwards the packets it receives on port 80 to your machine. Assuming your router has a valid IP itself (say x.x.x.x) you can access your Apache server on: http://x.x.x.x/.
You can use any other port instead of 80 and access your Apache through http://x.x.x.x:PORT/ of course.
If you don't have sufficient privileges, then nothing comes to my mind except using reverse tunneling using SSH or similar protocols.
Most gateways (router) have an VirtualServer option which you can point to the local server (192.168.0.50)
You could use something like dyndns.org to setup a permanent hostname to your server. i.e. mylocalserver.dyndns.org
A public name for your machine needs to be set up in DNS to point to your networks' router. Then you will need to set up your router to redirect traffic for that name to the machine in question. Also the firewall needs to be set up to allow that.

Apache and IIS side by side (both listening to port 80) on windows2003

What are some good ways to do this? Is it even possible to do cleanly?
Ideally I'd like to use packet headers to decide which server should handle requests. However, if there is an easier/better way let me know.
It's impossible for both servers to listen on the same port at the same IP address: since a single socket can only be opened by a single process, only the first server configured for a certain IP/port combination will successfully bind, and the second one will fail.
You will thus need a workaround to achieve what you want. Easiest is probably to run Apache on your primary IP/port combination, and have it route requests for IIS (which should be configured for a different IP and/or port) to it using mod_rewrite.
Keep in mind that the alternative IP and port IIS runs on should be reachable to the clients connecting to your server: if you only have a single IP address available, you should take care to pick an IIS port that isn't generally blocked by firewalls (8080 might be a good option, or 443, even though you're running regular HTTP and not SSL)
P.S. Also, please note that you do need to modify the IIS default configuration using httpcfg before it will allow other servers to run on port 80 on any IP address on the same server: see Micky McQuade's answer for the procedure to do that...
I found this post which suggested to have two separate IP addresses so that both could listen on port 80.
There was a caveat that you had to make a change in IIS because of socket pooling. Here are the instructions based on the link above:
Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
Stop all IIS services: net stop http /y
Have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i 192.168.1.253
Make sure: httpcfg query iplisten (The IPs listed are the only IP addresses that IIS will be listening on and no other.)
Restart IIS Services: net start w3svc
Start the Apache service
For people with only one IP address and multiple sites on one server, you can configure IIS to listen on a port other than 80, e.g 8080 by setting the TCP port in the properties of each of its sites (including the default one).
In Apache, enable mod_proxy and mod_proxy_http, then add a catch-all VirtualHost (after all others) so that requests Apache isn't explicitly handling get "forwarded" on to IIS.
<VirtualHost *:80>
ServerName foo.bar
ServerAlias *
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
Now you can have Apache serve some sites and IIS serve others, with no visible difference to the user.
Edit: your IIS sites must not include their port number in any URLs within their responses, including headers.
You need at least mod_proxy and mod_proxy_http which both are part of the distribution (yet not everytime built automatically). Then you can look here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Simplest config in a virtualhost context is:
ProxyPass /winapp http://127.0.0.1:8080/somedir/
ProxyPassReverse /winapp http://127.0.0.1:8080/somedir/
(Depending on your webapp, the actual config might become more sophisticated. )
That transparently redirects every request on the path winapp/ to the windows server and transfers the resulting output back to the client.
Attention: Take care of the links in the delivered pages: they aren't rewritten, so you can save yourself lotsa hassle if you generally use relative links in your app, like
<a href=../pics/mypic.jpg">
instead of the usual integration nightmare of every link being absolute:
<a href="http://myinternalhostname/somedir/crappydesign.jpg">
THE LATTER IS BAD ALMOST EVERY SINGLE TIME!
For rewriting links in pages there's mod_proxy_html (not to confuse with mod_proxy_http!) but that's another story and a cruel one as well.
Either two different IP addresses (like recommended) or one web server is reverse-proxying the other (which is listening on a port <>80).
For instance: Apache listens on port 80, IIS on port 8080. Every http request goes to Apache first (of course). You can then decide to forward every request to a particular (named virtual) domain or every request that contains a particular directory (e.g. http://www.example.com/winapp/) to the IIS.
Advantage of this concept is that you have only one server listening to the public instead of two, you are more flexible as with two distinct servers.
Drawbacks: some webapps are crappily designed and a real pain in the ass to integrate into a reverse-proxy infrastructure. A working IIS webapp is dependent on a working Apache, so we have some inter-dependencies.
I see this is quite an old post, but came across this looking for an answer for this problem. After reading some of the answers they seem very long winded, so after about 5 mins I managed to solve the problem very simply as follows:
httpd.conf for Apache leave the listen port as 80 and 'Server Name' as FQDN/IP :80.
Now for IIS go to Administrative Services > IIS Manager > 'Sites' in the Left hand nav drop down > in the right window select the top line (default web site) then bindings on the right.
Now select http > edit and change to 81 and enter your local IP for the server/pc and in domain enter either your FQDN (www.domain.com) or external IP close.
Restart both servers ensure your ports are open on both router and firewall, done.
This sounds long winded but literally took 5 mins of playing about. works perfectly.
System:
Windows 8, IIS 8, Apache 2.2
Installing Windows 10 I had this problem: apache(ipv4) and spooler service(ipv6) listening the same 80 port.
I resolved editing apache httpd.conf file changing the line
Listen 80
to
Listen 127.0.0.1:80
That's not quite true. E.g. for HTTP Windows supports URL based port sharing, allowing multiple processes to use the same IP address and Port.
You will need to use different IP addresses. The server, whether Apache or IIS, grabs the traffic based on the IP and Port, which ever they are bound to listen to. Once it starts listening, then it uses the headers, such as the server name to filter and determine what site is being accessed. You can't do it will simply changing the server name in the request