Block outside access to Apache

Discussion in 'all things UNIX' started by Andz, Jan 19, 2013.

Thread Status:
Not open for further replies.
  1. Andz

    Andz Registered Member

    Joined:
    Jan 9, 2013
    Posts:
    75
    I have MediaWiki installed on my Ubuntu desktop with Apache HTTP Server. My goal is to make sure no one can snoop into my wiki through my 802.11 or Bluetooth adapters. How can I accomplish this?

    I never use wireless functions on my computer.

    One option I have considered is to completely uninstall those adapters. Another option, which I am especially interested in, is using iptables to drop all packets that come through 802.11 or Bluetooth, while leaving my current iptables configuration working for the hard-wired Ethernet connection. Is anyone savvy enough with iptables to know how to do that?

    Any other thoughts are appreciated too.
     
  2. java dude

    java dude Registered Member

    Joined:
    Aug 5, 2011
    Posts:
    75
    There are two ways:

    1. Force Apache to listen on the loopback interface. Open httpd.conf (I think it's located in /etc/apache2 on Ubuntu) with your favorite editor and replace all occurrences of:
    Code:
    *:80
    with:
    Code:
    127.0.0.1:80
    2. Add iptables rules to allow connections to port 80 by localhost, and drop all others:

    Code:
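    # Rule 1: accept connections to port 80 that originate from localhost
    sudo iptables -I INPUT -p tcp --dport 80 -s localhost -j ACCEPT
    # Rule 2: drop every other connection to port 80
    sudo iptables -I INPUT 2 -p tcp --dport 80 -j DROP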
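
A way to confirm that the loopback binding from option 1 took effect, as an added example that is not part of either post: the function reads `ss -ltn` output and lists any bind address on the given port that is reachable from a non-loopback interface. The function name `exposed_listeners`, the `report` helper and both sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -ltn` output on stdin and
# prints every non-loopback bind address for the given TCP port.
# Exit status: 0 = loopback-only (or not listening), 1 = exposed.
# Live use: ss -ltn | exposed_listeners 80

exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4; p = $4
            sub(/.*:/, "", p)          # text after the last colon is the port
            sub(/:[^:]*$/, "", addr)   # text before it is the bind address
            if (p != port) next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are local-only.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: Apache still on the default wildcard binding (*:80).
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    *:80               *:*'

# Constructed sample: after changing the binding to 127.0.0.1:80.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*'

report() {
    if out=$(printf '%s\n' "$2" | exposed_listeners 80); then
        echo "$1: port 80 is loopback-only"
    else
        echo "$1: port 80 reachable via: $out"
    fi
}

report "wildcard binding" "$SAMPLE_WILDCARD"
report "loopback binding" "$SAMPLE_LOOPBACK"
```

The check also flags an IPv6 wildcard listener (`[::]:80`), which a rewrite of only the IPv4 address in the Apache configuration would leave in place.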
     