I am running apache2.2 on my WinXP PC.
I want no body but a specified IP access the site.
I already use httpd.conf to deny other request.
But that's not enough, I now want to set apache to send no response, not 403.
To be simple, I want to hide my server, I don't want others know I am running a webserver.
You could bind the Apache server to localhost only. I've not tested it, but in ports.conf, you could change:
Listen 80
to
Listen 127.0.0.1:80
That would make apache bind to the IP address 127.0.0.1, which is only available from the machine itself.
This is clearly something very easy to do with a firewall, so you should try to install and configure a firewall.
On the apache side the only thing you could try is using mod_security with the "drop" action. Check this servfault answer for example. But if the connection is closed by apache an attacker could still see the connection was first accepted, so your web server is not really hidden.
Related
I have a problem, I had apache Solr installed and it uses localhost for access on webserver...
now I have installed Apache and startet httpd.exe and I get the warning / error:
Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName"
when I stop solr, I can start and use localhost for apache httpd...
but I want to have the possibility to use both webservices, how can I configure Apache to do that? and get access to service not with localhost, but with another domain name or some configuration in httpd.conf
I tried to change the line "ServerName www.example.com:80" in httpd.conf file but no effect,
sorry but I'm pretty new to webservers and Apache, how should I configure that?
You have several things mixed here:
Installing Solr should in no way be related to other questions, unless it is configured to run on port 80. If that is the case, you simply can not run two services on the same port so you have to pick, or just move Solr to 8080 or whatever.
Could not reliably determine... is just a friendly warning and will not prevent any functionality, and it should disappear when you add ServerName www.example.com:80 in httpd.conf
With default settings, Apache will respond to any http request that comes to port 80, so you don't have to configure anything there (and if you want to modify that, use VirtualHost). You can achieve reaching your webserver by other hostnames by editing hosts file on your machine. If you want others to be able to do that, you have to configure DNS (which is separate issue)
So, I'm pretty new to apache and I'm having some issues finding a solution to my answer.
I have a domain name abcdefg.com (for example) and I have a public facing Fedora apache webserver on my home network at 192.168.10.10. I then have another machine that is a proxmox VE server at 192.168.10.20.
I know I can forward ports and just type [https://abcdefg.com:8006] to get to my proxmox server, but I want to be able to go to abcdefg.com/proxmox and it then somehow make a call to [https://192.168.10.20:8006] internally (https is required).
Can anyone point me in the right direction? I don't need to be spoonfed, I'm just not sure where to start looking. I've already figured out how to use the "Location" tags but its not working for this, seems to be a bit more involved.
--Cheers
You need to run a reverse proxy server, which Apache can do with a few extra mods. This will listen on a specific port (Let's say port 444 in your case) and send requests to whatever IP and port you specify behind the scenes.
See the following link for how to reverse proxy a site: Simple Apache reverse proxy example
Simply change the mywebsite.jamescoyle.net references to point to your internal proxmox box on port 8006 - eg.
ProxyPass https://192.168.10.20:8006/
ProxyPassReverse https://192.168.10.20:8006/
I've installeed wamp and it runs fine, all except if I want to access it I have to type in localhost:8080 (the 8080 is the port it listens to).
Can I make it so that it just works with localhost without requiring the port number to be entered and if so how?
Something else has already grabbed port 80, that is why it wont work.
Run
wampmanager->Apache->Service->Test port 80
This will launch a command window and tell you what is using port 80.
Whatever it is will need to be re-configured to use another port or for example if its IIS and you dont use IIS it should be un-installed.
Check this site for a bit more information: http://forum.wampserver.com/read.php?2,13744.
You're going to want to edit your http.conf file, searching for 8080, and replacing it with 80, where applicable. I know that is generic, but that is the best I can do without actually seeing your http.conf file.
You need to change the port Apache is listenning to.
Access apache/conf/httpd.conf under your WAMP directory.
In this file, there will be a "Listen 8080", change it to whatever port you want to.
You must restart Apache after this. It can be achieved using Services in Windows.
If the service does not restart (and you havent messed up your config file), it is because the port you chose is already in use and you wont be able to use it.
If you want to use multiple ports for each project, consider reading about Apache Virtual Hosting.
Hope I helped
I have apache installed listening to 8888, and port 8888 oppened, due the fact that 80 and 8080 are blocked by my ISP. I have no firewalls running.
The page hosted on my computer, works from some proxies like http://www.webproxyonline.info/ for example, but doesnt work from some others, like zend2.com.
I also tested to access the page from 2 dedicated servers that I own, but without success. I can ping my computer IP, but when I type wget myip:8888 i get nothing.
I also tried to run the code file_get_contents('http://myip:8888'); but no success too.
What can be causing this problem?
thanks.
UPDATED: PROBLEM SOLVED.
The problem is that the firewall CSF on my dedicated server was blocking outgoing traffic to my ip.... I just added my ip to the alloed list...
Um, if you're actually binding localhost (that is, 127.0.0.1), then it shouldn't be accessible from other machines. That's how localhost works. You need to bind a actual external IP address for your machine.
What are some good ways to do this? Is it even possible to do cleanly?
Ideally I'd like to use packet headers to decide which server should handle requests. However, if there is an easier/better way let me know.
It's impossible for both servers to listen on the same port at the same IP address: since a single socket can only be opened by a single process, only the first server configured for a certain IP/port combination will successfully bind, and the second one will fail.
You will thus need a workaround to achieve what you want. Easiest is probably to run Apache on your primary IP/port combination, and have it route requests for IIS (which should be configured for a different IP and/or port) to it using mod_rewrite.
Keep in mind that the alternative IP and port IIS runs on should be reachable to the clients connecting to your server: if you only have a single IP address available, you should take care to pick an IIS port that isn't generally blocked by firewalls (8080 might be a good option, or 443, even though you're running regular HTTP and not SSL)
P.S. Also, please note that you do need to modify the IIS default configuration using httpcfg before it will allow other servers to run on port 80 on any IP address on the same server: see Micky McQuade's answer for the procedure to do that...
I found this post which suggested to have two separate IP addresses so that both could listen on port 80.
There was a caveat that you had to make a change in IIS because of socket pooling. Here are the instructions based on the link above:
Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
Stop all IIS services: net stop http /y
Have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i 192.168.1.253
Make sure: httpcfg query iplisten (The IPs listed are the only IP addresses that IIS will be listening on and no other.)
Restart IIS Services: net start w3svc
Start the Apache service
For people with only one IP address and multiple sites on one server, you can configure IIS to listen on a port other than 80, e.g 8080 by setting the TCP port in the properties of each of its sites (including the default one).
In Apache, enable mod_proxy and mod_proxy_http, then add a catch-all VirtualHost (after all others) so that requests Apache isn't explicitly handling get "forwarded" on to IIS.
<VirtualHost *:80>
ServerName foo.bar
ServerAlias *
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
Now you can have Apache serve some sites and IIS serve others, with no visible difference to the user.
Edit: your IIS sites must not include their port number in any URLs within their responses, including headers.
You need at least mod_proxy and mod_proxy_http which both are part of the distribution (yet not everytime built automatically). Then you can look here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Simplest config in a virtualhost context is:
ProxyPass /winapp http://127.0.0.1:8080/somedir/
ProxyPassReverse /winapp http://127.0.0.1:8080/somedir/
(Depending on your webapp, the actual config might become more sophisticated. )
That transparently redirects every request on the path winapp/ to the windows server and transfers the resulting output back to the client.
Attention: Take care of the links in the delivered pages: they aren't rewritten, so you can save yourself lotsa hassle if you generally use relative links in your app, like
<a href=../pics/mypic.jpg">
instead of the usual integration nightmare of every link being absolute:
<a href="http://myinternalhostname/somedir/crappydesign.jpg">
THE LATTER IS BAD ALMOST EVERY SINGLE TIME!
For rewriting links in pages there's mod_proxy_html (not to confuse with mod_proxy_http!) but that's another story and a cruel one as well.
Either two different IP addresses (like recommended) or one web server is reverse-proxying the other (which is listening on a port <>80).
For instance: Apache listens on port 80, IIS on port 8080. Every http request goes to Apache first (of course). You can then decide to forward every request to a particular (named virtual) domain or every request that contains a particular directory (e.g. http://www.example.com/winapp/) to the IIS.
Advantage of this concept is that you have only one server listening to the public instead of two, you are more flexible as with two distinct servers.
Drawbacks: some webapps are crappily designed and a real pain in the ass to integrate into a reverse-proxy infrastructure. A working IIS webapp is dependent on a working Apache, so we have some inter-dependencies.
I see this is quite an old post, but came across this looking for an answer for this problem. After reading some of the answers they seem very long winded, so after about 5 mins I managed to solve the problem very simply as follows:
httpd.conf for Apache leave the listen port as 80 and 'Server Name' as FQDN/IP :80.
Now for IIS go to Administrative Services > IIS Manager > 'Sites' in the Left hand nav drop down > in the right window select the top line (default web site) then bindings on the right.
Now select http > edit and change to 81 and enter your local IP for the server/pc and in domain enter either your FQDN (www.domain.com) or external IP close.
Restart both servers ensure your ports are open on both router and firewall, done.
This sounds long winded but literally took 5 mins of playing about. works perfectly.
System:
Windows 8, IIS 8, Apache 2.2
Installing Windows 10 I had this problem: apache(ipv4) and spooler service(ipv6) listening the same 80 port.
I resolved editing apache httpd.conf file changing the line
Listen 80
to
Listen 127.0.0.1:80
That's not quite true. E.g. for HTTP Windows supports URL based port sharing, allowing multiple processes to use the same IP address and Port.
You will need to use different IP addresses. The server, whether Apache or IIS, grabs the traffic based on the IP and Port, which ever they are bound to listen to. Once it starts listening, then it uses the headers, such as the server name to filter and determine what site is being accessed. You can't do it will simply changing the server name in the request