Make apache only accessible via 127.0.0.1, is this possible?

The easiest way to do this is through the Listen directive. By default, there's a line in your httpd.conf that reads:

Listen *:80

Meaning it will respond to requests on port 80 on all of your computer's network addresses. Changing it to:

Listen 127.0.0.1:80

Will tell Apache to only respond to requests on the local adaptor, thus ignoring anything else.


The Listen option is probably best, but just as an FYI, you can do it using allow/deny like this:

<Directory /www/vhosts/localhost/>
    Options All
    AllowOverride All
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

Order deny,allow tells Apache to "Deny all requests unless specifically allowed" (Order allow,deny is the opposite, i.e. allow all requests unless specifically blocked).
Deny from all does a similar thing to Order deny,allow in that it'll block all requests from all IPs unless you specifically open them. It seems to be general practice to use both Order deny,allow and Deny from all, but I'm not 100% sure why when they both do the same thing.
Allow from 127.0.0.1 says "Allow all requests from 127.0.0.1". 127.0.0.1 will map to localhost, so you can use http://127.0.0.1/ or http://localhost/ and it'll be allowed.

That will serve a 403 (Forbidden) error to anyone who requests the site not on localhost.

Some other useful stuff:
Allow from 192.168.0. will allow requests from anyone on your network (providing your network is 192.168.0.0-192.168.0.255).
Allow/deny rules are processed in order, so

Deny from 192.168.0.2
Allow from 192.168.0.2

would allow requests and

Allow from 192.168.0.2
Deny from 192.168.0.2

would deny requests from 192.168.0.2

So

Deny from 192.168.0.2
Allow from all

Would allow requests from 192.168.0.2, even though it had specifically been denied.

You can also use Allow/Deny rules in .htaccess files or on a per-directory basis.


I made changes to ports.conf in /etc/apache2 so that each reference to Listen to a port was only listening to localhost. No other files seem to have a Listen command in them. After restarting Apache these changes seemed to have the desired effect.

/etc/apache2/ports.conf

NameVirtualHost *:80
########################## Listen 80
Listen 127.0.0.1:80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
###############################Listen 443
Listen 127.0.0.1:443
</IfModule>

<IfModule mod_gnutls.c>
##################################Listen 443
Listen 127.0.0.1:443
</IfModule>
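
A check for stray Listen directives, as an added example that is not part of any answer above: it scans Apache config text for active Listen lines that bind to anything other than a loopback address. The sample config is constructed and the function names are illustrative.

```python
import ipaddress
import re
import sys

# Apache syntax: Listen [IP-address:]portnumber [protocol]
# "Listen\s" keeps ListenBacklog and similar directives from matching.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

# Constructed sample, modelled on a ports.conf with one overlooked bind.
SAMPLE = """\
NameVirtualHost *:80
# Listen 80
Listen 127.0.0.1:80
<IfModule mod_ssl.c>
    Listen 443
    Listen [::1]:443
</IfModule>
Listen 0.0.0.0:8080
"""

def listen_address(arg):
    """Address part of a Listen argument, or None when only a port is given."""
    if arg.startswith("["):                  # bracketed IPv6, e.g. [::1]:443
        return arg[1:arg.index("]")]
    host, sep, _port = arg.rpartition(":")
    return host if sep else None

def is_loopback_only(arg):
    try:
        addr = listen_address(arg)
        # Port-only and "*" both mean every interface.
        return addr not in (None, "*") and ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                         # unparsable: report it for manual review

def exposed_listens(config_text):
    """Return (line_number, argument) for each active Listen not bound to loopback."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = LISTEN_RE.match(line)        # commented-out lines begin with '#'
        if match and not is_loopback_only(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

if __name__ == "__main__":
    texts = [(p, open(p).read()) for p in sys.argv[1:]] or [("SAMPLE", SAMPLE)]
    for name, text in texts:
        for number, arg in exposed_listens(text):
            print(f"{name}:{number}: Listen {arg} is not loopback-only")
```

Pass it every file the main config pulls in via Include, since a Listen in any of them opens another socket.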