Apache Server configuration support - Security risks


Author Security risks
SteMc

2007-07-27, 1:25 pm

Hi, am very new to apache server and am trudging through all the
documentation to learn more but would appreciate it if someone could
advise me quickly.

I've set up apache 2.0.58 with php 5.5 on a win XP machine for
developmental purposes and have come to realise that people on other
computers can access the serverRoot by typing in http://{my ip
address}. This raises some concerns because I don't have a clue what
else people can see. After some testing I found out that the outside
world can browse all directories in my Server root and see all files,
which isn't too much of a problem, but what about other directories?
Could anyone have access to my myDocuments folder for example?
In general, can someone tell me how I can block all computers from
seeing anything on my computer whilst still being able to work
through my browser on my machine by typing http://localhost

Any help is greatly appreciated,

Ste

"Crash" Dummy

2007-07-27, 1:25 pm

> I've set up apache 2.0.58 with php 5.5 on a win XP machine for
> developmental purposes and have come to realise that people on other
> computers can access the serverRoot by typing in http://{my ip
> address}.

<snip>
> In general, can someone tell me how I can block all computers from
> seeing anything on my computer whilst still being able to work
> through my browser on my machine by typing http://localhost


Last things first. Open the configuration file (httpd.conf) and locate the
"Listen" directive. It will have your IP assigned:

Listen xxx.xxx.xxx.xxx:80

Just change that to "Listen 127.0.0.1:80" and make sure no other occurrences of
Listen are active. (You can listen to more than one IP)

> This raises some concerns because I don't have a clue what
> else people can see. After some testing I found out that the outside
> world can browse all directories in my Server root and see all files,
> which isn't too much of a problem, but what about other directories?
> Could anyone have access to my myDocuments folder for example?


Clients can only access files and directories under the DocumentRoot. You can
also block browsing of those directories by removing the Index option for some
or all of the directories.
--
Crash
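
An added example, not part of the original posts: a small Python check for the two settings discussed in the reply above, flagging any `Listen` directive that is not bound to a loopback address and any `Options` line that enables `Indexes`. The sample configuration, its addresses and its paths are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample httpd.conf fragment (addresses and paths are made up).
SAMPLE_CONF = """\
Listen 192.0.2.10:80
Listen 127.0.0.1:8080
<Directory "C:/Apache2/htdocs">
    Options Indexes FollowSymLinks
</Directory>
<Directory "C:/Apache2/htdocs/private">
    Options -Indexes
</Directory>
"""

def listen_is_loopback(value):
    """True if a Listen argument binds to a loopback address only."""
    addr = value.split()[0]
    if addr.isdigit():  # bare port: Apache binds every interface
        return False
    host = addr.rsplit(":", 1)[0].strip("[]")  # also handles [::1]:80
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit(conf_text):
    """Return (line_number, message) for each exposed setting found."""
    findings, section = [], "server config"
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            section = opened.group(1)
        elif line.lower().startswith("</directory"):
            section = "server config"
        elif re.match(r"listen\s", line, re.I):
            if not listen_is_loopback(line.split(None, 1)[1]):
                findings.append((n, line + " accepts remote clients"))
        elif re.match(r"options\s", line, re.I):
            opts = [o.lower() for o in line.split()[1:]]
            if any(o in ("indexes", "+indexes", "all") for o in opts):
                findings.append((n, "directory listing enabled for " + section))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_CONF):
        print("line %d: %s" % (n, msg))
```

To check a real server, pass the text of its httpd.conf to `audit()`; an empty result means every active `Listen` is loopback-only and no scanned `Options` line turns listings on.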


SteMc

2007-07-27, 7:22 pm

Brilliant. Thank you very much, I'll try that now

Ste

On 27 Jul, 11:21, "\"Crash\" Dummy" <dva...@deathstar.mil> wrote:
> <snip>
>
> Last things first. Open the configuration file (httpd.conf) and locate the
> "Listen" directive. It will have your IP assigned:
>
> Listen xxx.xxx.xxx.xxx:80
>
> Just change that to "Listen 127.0.0.1:80" and make sure no other occurrences of
> Listen are active. (You can listen to more than one IP)
>
>
> Clients can only access files and directories under the DocumentRoot. You can
> also block browsing of those directories by removing the Index option for some
> or all of the directories.
> --
> Crash



Copyright 2003 - 2008 webservertalk.com