On my home computer I run an Apache 2 server with PHP and MySQL which I use solely for testing and developing web applications. However in a week's time I'm going to be connecting that computer to the internet.
Basically, is it safe to do so? Will people be able to access my files? If so, is there anything I can do to secure it?
Apologies for my ignorance, I don't know a great deal about these things.
Mark
a hardware router/firewall will face "the internet" and handle service requests to your IP address.
it translates some or all of these requests to a virtual IP address. (your computer)
you can easily configure the firewall to reject most requests unless they are in response to an outbound request.
for example you can specifically prevent inbound http service requests which would prevent outside access to your apache server.
Your router should have a configuration program or interface (often web based) to allow you to simply deny ALL incoming requests.
Matt
Linux has good firewalling capability. Still, I would use a hardware firewall/router. (The two terms have become confuzled lately...)
How do you protect the machine you currently use to browse the web?
If you are going to connect more than one computer to your Internet connection, you need a router anyway. Most/all modern routers include firewall protection.
The key technologies are NAT (Network Address Translation), stateful packet inspection, and application-level firewalling.
If you have DSL service, you may already have NAT built in to your DSL modem. This is less common with cable modems. The built-in NAT may well be "good enough", but may lack the flexibility of dedicated firewall/routers.
Special needs that might be best addressed by a separate firewall/router include providing access to servers, using file-sharing networks (BitTorrent, etc.), VOIP, etc.
All modern firewalls implement the first two, and many the third.
NAT translates between your internal network addresses and a single public address on the Internet. Generally, by default, NAT allows NOTHING in from the outside, other than responses to internally-generated requests (this is stateful packet inspection). If you want, for example, to allow access to a web server on your internal network (say, to allow a client to test) you have to go out of your way to enable that.
Application-level firewalling adds an awareness of higher-level protocols (such as HTTP, SMTP, etc.) and inspects for specific exploit patterns.
Specific to Apache, I use mod_security and mod_dosevasive to provide additional protection.
mod_security allows you to filter out specific behaviors while mod_dosevasive provides (some at least) protection against single-sourced denial-of-service attacks.
Basically, is it safe to do so? Will people be able to access my files?
Do you need to allow any inbound access to your PC? Are you hoping to set up pages on your system that people on the outside will be able to view? (I wouldn't recommend this...)
If you don't need the outside world to see your PC, simply block all inbound connections at your firewall....
Also, your ISP probably has rules against hosting unless you have a static IP setup, and even then ISPs frown upon home users serving web pages.
Perhaps some clarification would be helpful.
BTW, I enjoy a 1mb/sec upstream speed (12mb down/1mb up) through a cable modem. However, it is of course against the provider's TOS to host a web site on the connection. And, frankly, that is just not acceptable for a website today. I can transfer FROM my datacenter-hosted website at the full 12mb/sec speed of my home downstream connection. I see speeds quite a bit higher than that when, say, loading software onto the site from repositories on the net.
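The default-deny inbound policy the replies describe (drop everything from outside except responses to connections the machine itself started), written as a host firewall ruleset. This is an added example, not something posted in the thread; it assumes the development machine runs Linux with iptables, and the client address 203.0.113.10 in the commented-out rule is a documentation placeholder.

```iptables
# Added example: IPv4 ruleset in iptables-restore format.
# Assumption: a Linux development box running Apache/PHP/MySQL for local use only.
*filter

# Default policies: drop anything inbound or forwarded that no rule accepts,
# allow everything the machine itself sends out.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Keep the loopback interface open so the browser on this machine can still
# reach Apache and PHP can still reach MySQL via 127.0.0.1.
-A INPUT -i lo -j ACCEPT

# Stateful inspection: accept packets that belong to, or are related to,
# a connection this machine initiated (web browsing, DNS replies, updates).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Discard packets that connection tracking cannot match to any valid state.
-A INPUT -m conntrack --ctstate INVALID -j DROP

# Nothing else is accepted, so unsolicited requests to port 80 (Apache) or
# 3306 (MySQL) fall through to the DROP policy.
#
# Deliberate exception, left disabled: let one known client address test
# the site over HTTP. Replace the placeholder address before enabling.
# -A INPUT -p tcp -s 203.0.113.10 --dport 80 -m conntrack --ctstate NEW -j ACCEPT

COMMIT
```

Load the file as root with `iptables-restore < rules.v4` (the file name is arbitrary). These rules cover IPv4 only; the same policy has to be applied separately with `ip6tables-restore` if the connection also has IPv6.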