is it possible to restrict public access to an apache web server in a way similar a ssh-server can restrict access via public keys?
Setting:
I've got a micro server with apache and a web-application. This application needs to be accessed only by less than 10 users. I want to exclude all others, esp. bots, hackers, etc.
Here is an idea: Use ssh tunnelling and firewall the webserver so it only accepts local addresses.
Related
I have Solr 6.6 running via Jetty.
I have successfully enabled basic authentication by modifying the etc/jetty.xml and etc/webdefault.xml . This question
I could also restrict access to Solr based on IP address by adding IPAccessHandler around the ContextHandlerCollection . This question
But what I want to achieve is to have authentication needed for requests coming from all external IPs except requests coming from localhost(127.0.0.1) . Localhost should be able to access Solr REST APIs without any authentication needed.
I think that I need to setup jetty to run 2 servers or 2 virtual hosts but I can't figure it out how exactly. Obviously the 2 servers (or virtual hosts) should be connected to the same Solr instance.
P.S.: It's acceptable if the requests from Localhost that need to be served without authentication, should be sent on a different port.
I have a LAMP(ubuntu-16.04, PHP) setup and while using it I am able to access it from home network, (phones, etc.) but for others it says that the site can't be reached. I go to my page via my IP and have no problem reaching it. Are there any steps that I can do? I have tried running node.js as well and i have the same problem there.
There is probably a firewall between your home and the Internet. A firewall prevents connections from the Internet. In fact, some one else, in another home, might have a computer with the same IPv4 address as you have. To make your web server public, you need a public IP address (globally allocated uniquely to you) and you need to route that address to your webserver.
Use a webserver proxy service such as PageKite.
Alternatively method:
Your router most likely already has a public IPv4 address. On http://192.168.1.1 or http://192.168.1.254 or a comparable administration page (usually accessible using the user admin with the password admin, or with a user with the same name as your ISP and that same name as password) you can configure your server as a public web server.
I have an instance of Solr (not Solrcloud) installed on my server, Apache/2.4.7 (Ubuntu), and would like to use with a php web application. I have password protected the admin page, but queries can still be run remotely. I want to restrict my Solr app so that it can only be queried (both read and write) by a web application (php, with Solarium) stored on the same server. What is the best way to do this?
This is more of a server administration question, so it would be better suited on Superuser. That being said, you have a few options:
Make Solr listen to connections on the internal or loopback interface only. This would be 127.0.0.1 or 192.168/16 etc. In solr.in.sh, you can send a parameter to Solr to tell it which IP it should bind to: SOLR_OPTS="$SOLR_OPTS -Djetty.host=127.0.0.1"
Configure your firewall to only allow connections from IPs that should be able to access Solr.
Configure Solr Authentication and Authorization. Zookeeper is required to make this work (you'll have to be running in SolrCloud mode).
Unpack the bundled jetty and set up authentication there. This is not really a good idea, as it will make it harder to upgrade.
The methods suggested in 1 & 2 can also be combined with a proxying / forwarding web server that performs authentication in front of the service (using mod_proxy and friends on other httpds) if you need the service to be exposed through a non-trusted interface.
I've migrated a website to Amazon ec2 that hooks into a service we are using that is installed on another server (not on Amazon). Access to the API for that service is IP-restricted and done by sending XML data using *http_build_query* & *stream_context_create* in PHP.
If I want to connect to the service from a new server, I need to ask the vendor to add the new IP first. I did that by sending the Elastic IP to them, but it doesn't work.
While trying to debug, I noticed that the output for $_SERVER['SERVER_ADDR'] is the private IP of the ec2 instance.
I assume that the server on the other side is receiving the same data, so it tries to authenticate the private IP.
I've asked the vendor to allow access from the private IP as well – it's not implemented yet, so I'm not sure if that solves the problem, but as far as I understand the way their API works, it will then try to parse data back to the IP it was contacted from, which shouldn't be possible because the server is outside the Amazon cloud.
I might miss something really obvious here. I added a command to rc.local (running CENT OS on my ec2 instance) that associates the elastic IP to the server upon startup by using ec2-associate-address, and this seemed to help make a MySQL connection to another outside server working, but no luck with the above mentioned API.
To rule out one thing - the API is accessed through HTTPS, with ports 80 and 443 (and a mysql port) enabled in security groups and tested. The domain and SSL are running fine.
Any hint highly appreciated - I searched a lot already, but couldn't find anything useful so far.
It sounds like both IPs (private and elastic) are active in your VM. Check by running ifconfig -a. If that's what's happening then the IP that gets used for external traffic will depend on the remote address and your VM's routing table. It could even vary from one connection to the next.
If that's what's going on then the quickest fix would be to ifconfig down the interface that has the private address. That should leave only the elastic address for all external connections. If that resolves the problem then you can script something that downs the private IP automatically after the elastic IP has been made active, or if the elastic IP will be permanently assigned to this VM and you really don't need the private IP then you can permanently disassociate the private IP from this VM.
I want to convert my pc to a web server. I installed centos server and apache server.
How I can make apache server public? I want to everyone access my web site on my pc via browser.
Thank you..
You have 2 ways, you can buy a domain and a static IP address for your computer (usually through the service provider) and configure your router and FW to allow access to the machine for port 80.
The other way is to use some sort of dynamic dns service like DynDNS to be able to bind a DNS to a dynamic IP address (you will need to run a daemon to update the account once in a while because your IP may change). The FW and router rules are still needed in this case as well.
After you do one of the these steps everyone should be able to access your apache server on your computer as long as it's on.