homepage Welcome to WebmasterWorld Guest from 54.167.179.48
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Connecting An Apache Server To The Internet
Apache Testing Server and Internet Connection?
markdr

5+ Year Member



 
Msg#: 3169583 posted 5:12 pm on Nov 27, 2006 (gmt 0)

Hi.

On my home computer I run an Apache 2 server with PHP and MySQL which I use solely for testing and developing web applications. However in a week's time I'm going to be connecting that computer to the internet.

Basically, is it safe to do so? Will people be able to access my files? If so, is there anything I can do to secure it?

Apologies for my ignorance, I don't know a great deal about these things.

Mark

 

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3169583 posted 6:30 pm on Nov 27, 2006 (gmt 0)

You need a firewall if you are going to connect a server to the internet. Otherwise, you may expect intrusions within a few seconds.

Combined firewall/routers are available for less than $100 U.S.

Jim

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3169583 posted 12:10 am on Nov 28, 2006 (gmt 0)

just to expand on jim's reply:

a hardware router/firewall will face "the internet" and handle service requests to your IP address.
it translates some or all of these requests to a virtual IP address. (your computer)

you can easily configure the firewall to reject most requests unless they are in response to an outbound request.

for example you can specifically prevent inbound http service requests which would prevent outside access to your apache server.

markdr

5+ Year Member



 
Msg#: 3169583 posted 5:18 pm on Nov 28, 2006 (gmt 0)

Ok, thanks for the help guys. Will a software router like McAfee do?

Matt Probert

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3169583 posted 5:40 pm on Nov 28, 2006 (gmt 0)

Not really. If you get a broadband connection you may well have a hardware firewall built in to the router. If not, the Belkin routers have one. Your local network (LAN) is one separate network, the connection to the Internet is via the router and the two are solidly kept apart.

Your router should have a configuration program or interface (often web based) to allow you to simply deny ALL incoming requests.

Matt

jtara

WebmasterWorld Senior Member jtara us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3169583 posted 7:33 pm on Nov 28, 2006 (gmt 0)

What OS are you running on this machine?

Linux has good firewalling capability. Still, I would use a hardware firewall/router. (The two terms have become confuzled lately...)

How do your protect the machine you currently use to browse the web?

If you are going to connect more than one computer to your Internet connection, you need a router anyway. Most/all modern routers include firewall protection.

The key technologies are NAT (Network Address Translation), stateful packet inspection, and application-level firewalling.

If you have DSL service, you may already have NAT built-in to your DSL modem. This is less common with cable modems. The built-in NAT may well be "good enough", but may lack the flexibility of dedicated firewall/routers.

Special needs that might be best addressed by a seperate firewall/router include providing access to servers, using file-sharing networks (BitTorrent, etc.), VOIP, etc.

All modern firewalls implement the first two, and many the third.

NAT translates between your internal network addresses to a single public address on the Internet. Generally, by default, NAT allows NOTHING in from the outside, other than responses to internally-generated requests (this is stateful packet inspection). If you want, for example, to allow access to a web server on your internal network (say, to allow a client to test) you have to go out of your way to enable that.

Application-level firewalling adds an awareness of higher-level protocols (such as HTTP, SMTP, etc.) and inspects for specific exploit patterns.

jexx

10+ Year Member



 
Msg#: 3169583 posted 9:07 pm on Nov 28, 2006 (gmt 0)

If you have a router with more advanced capabilities, one-to-one (when dedicated IPs are used) NATs for only specific ports (80 and 443 for me) are a good way to reduce load on the stateful packet filtering firewall. I also find this practice simplifies my infrastructure (I am able to configure all web servers with internal IPs and just change the mapping on the router if I decide to switch providers).

Specific to Apache, I use mod_security and mod_dosevasive to provide additional protection.
mod_security allow you to filter out specific behaviors while mod_dosevasive provides (some at least) protection against single sourced denial-of-service attacks.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3169583 posted 10:04 pm on Nov 28, 2006 (gmt 0)

If you don't want people to easily find your Apache server, move it to some wacky port like 8118 or something, then you can access it by appending ":8118" to the Apache requests and others won't know where to find it without port scanning.

webdoctor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3169583 posted 10:14 am on Nov 30, 2006 (gmt 0)

Basically, is it safe to do so? Will people be able to access my files?

Do you need to allow any inbound access to your PC? Are you hoping to set up pages on your system that people on the outside will be able to view pages on your system? (I wouldn't recommend this...)

If you don't need the outside world to see your PC, simply block all inbound connections at your firewall....

menriquez



 
Msg#: 3169583 posted 5:14 pm on Nov 30, 2006 (gmt 0)

If you are using a home DSL/cable, you had better be aware that your upstream bandwidth is only 32-46kbps. This is going to make it very slow for most surfers to access you home website. If you have more than 2-3 people your site will drag.

Also, your ISP probably has rules against hosting unless you have a static IP setup, and even then ISPs frown upon home users serving web pages.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3169583 posted 6:45 pm on Nov 30, 2006 (gmt 0)

If you are using a home DSL/cable, you had better be aware that your upstream bandwidth is only 32-46kbps

You might want to shop for a new provider as my cable has 300kbps upstream.

Not great, but it's as good as it gets here.

jtara

WebmasterWorld Senior Member jtara us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3169583 posted 8:22 pm on Nov 30, 2006 (gmt 0)

Actually, the poster never stated that he planned on making the machine available for incoming connections from the Internet. Just that he was connecting a machine to the Internet that is currently isolated from it.

Perhaps some clarification would be helpful.

BTW, I enjoy a 1mb/sec upstream speed (12mb down/1mb up) through a cable modem. However, it is of course against the provider's TOS to host a web site on the connection. And, frankly, that is just not acceptable for a website today. I can transfer FROM my datacenter-hosted website at the full 12mb/sec speed of my home downstream connection. I see speeds quite a bit higher than that when, say, loading software onto the site from repositories on the net.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved