0

I'm using software which is accessible at http://server_ip:certain_port. I want it to be accessible internally only, at http://localhost:port.

How can I block those ports from the outside?

shtuper
  • 187

3 Answers

2

You should tell Apache to listen on the lo interface only.

Listen 127.0.0.1:80

Reference

bcj
  • 71
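
A way to confirm that a change such as `Listen 127.0.0.1:80` took effect is to look at what the port is actually bound to. The script below is an added example, not part of the original answer. It assumes `ss -ltn` output as input, and the sample listing and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input assumed: `ss -ltn` text, column 4 = local address:port.

# Constructed sample, standing in for `ss -ltn` on a real host.
sample_ss() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::]:8080          [::]:*
LISTEN 0      128    [::1]:631          [::]:*
LISTEN 0      511    *:443              *:*
EOF
}

# Print each non-loopback local address listening on TCP port $1 (stdin: ss -ltn).
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }            # skip the header line
        {
            la = $4
            n = match(la, /:[0-9]+$/)      # the port follows the last colon
            if (n == 0 || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            sub(/%.*$/, "", addr)          # drop interface scope such as %lo
            sub(/^\[/, "", addr)           # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            print addr                     # 0.0.0.0, ::, * or a routable address
        }'
}

# Succeeds when nothing on port $1 is bound outside loopback.
loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

for port in 80 53 22 8080 631 443; do
    if sample_ss | loopback_only "$port"; then
        echo "port $port: loopback only"
    else
        echo "port $port: also bound to $(sample_ss | exposed_listeners "$port" | tr '\n' ' ')"
    fi
done
```

On a real host, replace `sample_ss` with `ss -ltn`. A port with no listener at all also reports as loopback only, since nothing is exposed.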
0

Firewall. If you are on Ubuntu or Debian, ufw is a good choice. Set the firewall to allow ports by default but deny the particular port as a rule.

0

In my own experience with web servers, the cleanest solution is to use Apache directives to restrict access, either via an .htaccess directives file or in the site configuration.

Advantages:

  1. No need to fight with iptables or any other kernel-level firewall rules
  2. Apache is still listening on all interfaces of your server, so you can have other web sites in the same Apache instance without this localhost-only access limitation

The directives you need to use are:

<Location />
  # Deny rules are evaluated first, then Allow rules; a matching Allow wins
  Order Deny,Allow
  Deny from all
  Allow from localhost
  Allow from 127.0.0.1
</Location>

These directives will deny access to the whole web site; only connections coming from localhost (127.0.0.1) will be allowed. You can use the name or the IP address in the URI; they will be recognized as such by both Allow rules.

Where to put these directives:

  1. In an .htaccess file in the top directory containing the files for the web site you want to protect
  2. If you have more than one virtual host configured in your Apache configuration file, put these directives inside the section relating to this web site

Remark:

For the .htaccess file to be loaded by the web server, you must have defined this web site with an AllowOverride Limit or AllowOverride all in the definition of the web site. Also, .htaccess is the default name used for this and can be overridden by the Apache directive AccessFileName <filename>

Benoit
  • 396