if I type in my IP address in the address bar, I can see my home server, this is because I am back here on my home network, right?

Depends. If the IP you enter is a LAN one, then yes, that would work for your LAN only. If you can access it using the external IP then others should be able to do the same.

Are you using your 'local address' i.e. 127.0.0.1 or 192.168.0.1, or are you using your 'ISP address' - the one that shows up in server logs when you access external web servers?

Not that I have a useful answer to your overall question, but if you're using your ISP address and seeing your server, then it sounds like you're "almost there."

Jim

First you would have set the IP in your httpd.conf file.
Is this your own unique IP, if yes then if you have a DNS pointed to that IP or domain & in your domain registrar you have your name servers set as the above then typing in your domain/IP will be no problem?

BTW why did Jim type that 192 IP - I cant access it though.

oooo learn another new thing :)

But mipapage getting it up is another thing, I thing it will be easily h*cked if so happens a hcker stumbles upon thine site? unless u've got firewall

[edited by: operafan at 6:59 am (utc) on Dec. 18, 2003]

operafan,

192.168.xx.xx is an IP address range reserved for internal networks. It is non-routable and cannot be used on the internet, only within an intranet like 127.0.xx.xx. There are several others.

(Typing quietly so as to not take the thread off-topic)

Jim

Hey everyone,

Thanks for the replies! even better becuase it seems that I am

almost there

as the IP that I was referring to was my ISP IP.

So what's next? I wanted to test this, so I'm thinking to wander on down to the local cyber cafe and see what I can do. I don't suppose that there is anywhere online where I could test this?

WRT hackers etc, I was going to set up some form of log in page and have an .htaccess make that the default entry spot.

I basically want this for me and for clients, so I'm not too worried about having DNS a pointed here either.
(for now, i'd have to have clients log in from our site, where they'd be redirected to our server).

Wow Mipapage, having that .htaccess is not even a lock. As long as your on the web serving from your own desktop be it linux/apache or windows/apache. You better secure it. It's the server as a whole in particular that is at risk.

From my experience or reading as long as you have the DNS pointed to the correct domain/IP , it's ready to serve the audience.

Well good luck with your project, it's real fun :)

Well, whaddya know. MSN'd with a buddy and he could see it plain as day.

Well, getting it live was easy! Now to protect it. Any suggestions of online resources appreciated, in the meantime I'm off to google. Thanks for the help everyone!

---

Well good luck with your project, it's real fun :)

<nervously> hehehaha..ha...

depends on which operating sys are you using - if linux - they have IPchains -windoz I dont know. Anyway I dont know much about firewalls - maybe zonealarm might help :)

We have a firewall up; I'm not sure how it is that port 80 is visible to the world, likely that I opened it up for our home network by allowing all computers in, rather than specifying which ones should have access.

Is there no other magic to be performed? No basic do's and don'ts that everyone *should* be doing?

Ditto what operafan said about it being fun, mipapage.

Have you looked at your log files yet?

When I exposed my computer's Apache server (I just use it for testing) to the whole Internet, within minutes there were TONS of entries from people trying to learn more about what was on my computer.

Thanks closed,

Yes, it quite fun, and yes, people have hit us! Neat stuff, though it seems that I've attracted the bad side of the neighboorhood as I've had some weird file requests...

I have a webserver that serves websites I designed and host for people and have another webserver entirely for development.

In your case you can still have your server at home not accessible from outside if you have not used the DNS pointer. Even at that, you can still instruct your router or configure your firewall detailing what Apache should do and not do. You can put Apache under lock and key :-)

Using some firewalls you can set the rules on what should be and not be.

I use a Foxserv WAMP distro on my W2K machine (just serving to a local LAN) and the only way I found to restrict access was in httpd.conf. (A Linux distro includes more options!) There probably are some options for a WAMP, a software firewall or restricting at the router are possibilities.

Or you could use a series of allow and deny directives in hpttd.conf, this is done on a directory by directory basis. For examle:
<Directory "/">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from 127.0.0.1
Allow from localhost
</Directory>
In this case, nobody gets to the site root except the machine that is running Apache.

Then:
<Directory "/var/www/html">
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride All
Order allow,deny
Allow from 127.0.0.1
Allow from localhost
Allow from client IP here
</Directory>
allows specific clients access to the "html" directory, etc. (The "Options" and "AllowOverride" directives included are for example only, yours may need to be different, depends on what you want to permit your clients to do.)

This approach should offer good security but it could take some time to setup, depending how long your client list is and how many directories need attention.

Thanks for the responses!

DaveAtIFG, I like the idea, but we're going to be running our project management software on this server, and will need to allow our clients access from a lot of varying ip addresses, I would imagine.

The setup I went for was to put everything into a directory, call it... "safehouse". That directory contains all of our internal stuff, and is protected by an htaccess/htpsswd file combo. Visitors to our site are shunted either to index.php or they get a 404 page (and if they happen to know a path into 'safehouse' they get prompted for a password).

Index.php has a login - the client logs in and gets redirected to their specific area, where they can do all they want. The client areas sit outside of 'safehouse', as I have no idea how to pass the PHP_AUTH value to the htaccess login, but no matter - you need to log in to get in.

I (maybe naively) think that this will work well - the drawback is that you always have to be in a PHP environment, which for us is fine because our CMS and proj-management software (modified php collab) are all PHP.

The crappy part is that locally you always have to log in...!ding! <light goes on> That's where I can use what you said DaveAtIFG, perfect. Thanks a lot!

2004 and the WebmasterWorld roi just keeps on giving...

:) :)