OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: AW: [suse-security] Web server security holes ?
From: Stefan Becker (beckerlufa-sp.vdlufa.de)
Date: Wed Apr 05 2000 - 06:16:30 CDT

Hi,
If your Webserver is practicaly open to public
(like Apache running on the ISDN Router) and
you need to deny access to that interface but
still want your internal users to see the
webserver - you can consider the following:

put this in the httpd.conf
  #
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, in addition to the default. See also the <VirtualHost>
  # directive.
  #
  #Listen 3000
  Listen 192.168.80.99:80

This will handle requests directed the www-servers interface
(for example using apache as a proxy server) - but will
be totally deaf to rest of the world!

This should do fine!

> > editing /etc/rc.config "start_httpd=no"
> > or stop it by typeing /sbin/init.d/apache stop
>
> Well, I think he still needs internal access for SuSE help
> system etc. So he could specifically deny access to port
> 80 for all hosts except his own.
>

LUFA Speyer (EDV)
email: beckerlufa-sp.vdlufa.de
tel : +49 (0)6232-629542
fax : +49 (0)6232-629544

 Die Landwirtschaftliche Untersuchungs- und Forschungsanstalt bietet eine
 AZUBI Stelle für Fachinformatiker/Fachinformatikerin an:
 --> http://www.vdlufa.de/speyer/

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com