Private Apache Use on a Linux Box

How do I make sure people aren't peeking at my private server?

TRS80Geek

12:10 am on May 2, 2005 (gmt 0)



I'm running Mepis Linux on a PC in my home.

I'm connected to the Internet using a cable modem.

I want to run Apache on my Linux box and test web pages, do PHP programming, etc.

But I don't want anyone from the outside peeking into my server, nor do I want to accidentally turn my machine into a web server that might be broadcasting to the Internet.

How do I set it up so only I can see the Apache server, I can use a web browser on the machine to surf the net, but no one else on the outside can see it...accidentally or otherwise.

Thanks!

bose

1:19 am on May 2, 2005 (gmt 0)



Block all inbound packets to the port (80 and 443?) you are using at the border router. Use authentication, for added safety.

sitz

4:51 pm on May 3, 2005 (gmt 0)



If you're behind a cable modem, chances are that a) you're behind a NAT and b) inbound ports 80 and 443 are blocked. Cable providers generally block access to well-known ports on their customers' devices so that they can sell 'business' levels of access which do not include such restrictions. As an added bonus, it removes a vector for worms and other kinds of nastiness.

This is easy enough to check; find the IP address of your workstation. If it's an RFC1918 IP address (see [mirrors.rcn.net], section 3 for the address ranges), then your workstation is not directly accessible from the outside. To determine whether ports 80/443 are blocked, find the IP address the internet sees you as and try and visit that IP in a browser *not* on the Linux server. You can get your IP address from (among many, many other places) [dnsstuff.com]; the IP address will be in the paragraph underneath all the text fields. If you can't hit port 80 on that IP from a browser while your webserver is up, you should be fine.

Of course, you should monitor your access logs, just to be sure. ;)

py9jmas

5:22 pm on May 3, 2005 (gmt 0)



The easiest way IMHO is to configure Apache only to bind to the loop-back address 127.0.0.1
[httpd.apache.org...]

Then the webserver will only be available via the IP 127.0.0.1, which always means "the local machine".
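
An added example, not part of any post in this thread: a small Python check that reads the `Listen` directives from an Apache configuration and reports which ones are loopback-only (the binding py9jmas suggests), which sit on a private address such as the RFC 1918 ranges sitz mentions, and which accept connections on every interface. The sample configuration and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample httpd.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
# Listen 80
Listen 127.0.0.1:80
Listen [::1]:8080
Listen 192.168.1.10:443 https
Listen 8443
Listen 0.0.0.0:8000
"""

# Lines starting with '#' are comments and do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def classify_listen(value):
    """Return (address, port, exposure) for one Listen argument."""
    if value.isdigit():                  # bare port: binds every interface
        return ("*", int(value), "all-interfaces")
    host, _, port = value.rpartition(":")
    host = host.strip("[]")              # IPv6 literals are bracketed
    if host == "*":
        return ("*", int(port), "all-interfaces")
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                # 0.0.0.0 or ::
        exposure = "all-interfaces"
    elif ip.is_loopback:                 # 127.0.0.0/8 or ::1
        exposure = "loopback-only"
    elif ip.is_private:                  # includes the RFC 1918 ranges
        exposure = "private-lan"
    else:
        exposure = "public"
    return (str(ip), int(port), exposure)

def audit(conf_text):
    """Classify every active Listen directive in the configuration text."""
    matches = (LISTEN_RE.match(line) for line in conf_text.splitlines())
    return [classify_listen(m.group(1)) for m in matches if m]

def exposed(conf_text):
    """Listen entries reachable from beyond the local machine."""
    return [r for r in audit(conf_text) if r[2] != "loopback-only"]

if __name__ == "__main__":
    for addr, port, exposure in audit(SAMPLE_CONF):
        print(f"{addr}:{port} -> {exposure}")
```

A configuration meets the goal of the original question when `exposed()` returns an empty list; anything else still deserves the external browser test and the access-log monitoring described above.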