Reputation: 7054
Is it safe to run a local http server?
I am doing web development and running, say, Apache, just to test things locally on my machine. Say, I have a web application that allows one to view or edit many files on my computer. What should I do to make sure that nobody can access this server remotely?
Run the server under a dedicated account? Simply not set the root directory to "/"? Simply check the server's settings and make sure that only local IPs are allowed? Or is it already guaranteed by my router (if I am using Wifi at home)? What about using public Wifi?
Upvotes: 0
Views: 3038
Answers (1)
Reputation: 722
You can just simply block any network traffic except loopback (localhost) on Apache port using firewall in your OS.
I simply block all traffic from any local network addresses, which are:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
You should also take into consideration IPv6 addresses.
Another thing you can try is switching:
Order allow,deny
To:
Order deny,allow
In your site's settings file (I guess it will be sites-enabled/000-default).
Upvotes: 1
Related Questions
- How do I make my local webserver accessible to others on my network?
- Security Risks Associated With Local Web Servers
- Apache Configuration for Local Server
- Any risks in installing my own http server?
- Can I use Apache servers for a local network?
- Web server on local machine, are there any gotchas?
- Accessing apache HTTP server over the internet
- Running Apache on port 80
- What must I do to ensure that a web server (Apache) running on a machine is not accessible to the outside world?
- Using Apache to host websites on local network