Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

server not accessible from remote system

web pages on linux-apache server not accessible



9:46 am on Jan 24, 2003 (gmt 0)

10+ Year Member

hi all

i'm working on linux-apache-php-mysql combination and i'm new to this combination. i installed everything on my box. i would like to make my system( part of intranet having its own static ip address) web server for the web site i'm developing. i can view pages on my server system using http*//aaaaa.bb.ccc.ddd(localdomain.localhost)/ee.html. the problem is that i can not access my server from a remote system using the static ip address of my server. what would be the right approach for my problem?

[edited by: engine at 9:50 am (utc) on Jan. 24, 2003]
[edit reason] de-linked [/edit]


5:56 am on Jan 25, 2003 (gmt 0)

10+ Year Member

Hello sai_suresh and welcome to WebmasterWorld.

You may like to review other related threads on this forum, like Apache works locally (on LAN) but not remotely (Internet) [webmasterworld.com] or viewing pages on a local apache [webmasterworld.com].


7:12 am on Feb 21, 2003 (gmt 0)

10+ Year Member


I came to know that Linux default network configuration denies any request from a remote system.so, I could get web pages from my server if i run "service ipchains stop" which removes default firewall settings making my server accessible from a remote system but making it vulnerable by removing firewall settings. what should i do to make it secure. will installing secure web server( mad_ssl+openssl) work for me in that case?


7:43 am on Feb 21, 2003 (gmt 0)

10+ Year Member

SSL will not make your server less crackable; it is needed to prevent third parties from eavesdropping the messages through the public internet, so them can only be translated by the trusting parties.

What you need to do is to configure ipchains to allow traffic through the port 80, the default for a web server. What a firewall really does is blocking traffic through ports you know are not needed for normal operation, i.e. all except the one you explicitely need.


9:49 am on Feb 21, 2003 (gmt 0)

10+ Year Member

Thank you Dracula for ur earlier reply. but how can i be sure that my server is secure once i define the ipchain to allow only port 80 for communication? is there anyway that i can assure that the server is as secure as any other server on the internet. what r the testing strategies to ensure web server security.


10:23 am on Feb 21, 2003 (gmt 0)

10+ Year Member

The only true way to secure a server is remove any physical way for the server to talk to the outside world - this to include network cables, monitors, and keyboards, and to site the computer in a locked room. :)

is there anyway that i can assure that the server is as secure as any other server on the internet

If you only open up port 80 (tcp) on the server, then the other services on the server will still be inaccessible. With computers on the internet, you want as few as possible services accessible to the outside world.

Testing strategies could include running a port scanner on the whole server using both TCP and UDP protocols - this should be run from a remote machine. nmap is quite a useful tool for this. There are further tools available such as Nessus, which is a security auditing tool. These will actually probe your open services for any known vulnerability and report back to you. Again, this is best run remotely so you can know exactly what a potential hacker can see.

Another route to go down would be monitoring, in conjunction with testing. Install something like logcheck to automatically email you your system logs containing any suspect behaviour. Run tripwire nightly. Run chkrootkit nightly. Look at the reports these utilities provide you with!

And of course, take backups, just in case the unthinkable happens. :)



11:02 am on Feb 21, 2003 (gmt 0)

10+ Year Member

is there anyway that i can assure that the server is secure

I liked this article from the Linux Magazine: Hardening Linux Systems [linux-mag.com] (first on a series of three). You can't hardly get more secure than that. Beware, it borderlines paranoia.


Featured Threads

Hot Threads This Week

Hot Threads This Month