On Ubuntu, I launched a LAMP server and created a site, but now any computer connected to the local network can view this site. How can I allow access to this site ONLY from my computer?

  • Register bans in .htaccess or close access with a firewall, i.e. iptables - Mike
  • @Mike I tried to do this: sudo iptables -A INPUT -p tcp --dport 80 -j DROP, but after entering this command, the site refused to open at all on both the current and other PCs. - Illya Illya
  • That's logical. You banned all access. Before this line you should add an explicit permission for the IP from which you can go (-s IP -j ACCEPT). - Mike
  • And if you only need access from the local machine, it is better to set up the web server so that it is bound only to the local host ... - Fat-Zer

2 answers

Ubuntu has a utility called ufw that simplifies working with iptables. All the filtering rules established by ufw apply to both IPv4 and IPv6, and are automatically applied when the system boots.

To enable network activity filtering (apply the default filtering rules that Canonical came up with), do the following:

 sudo ufw enable 

After that, using iptables, rules will be applied to netfilter that will drop incoming connections and log attempts to establish them in the log. Outgoing connections will not be affected.

View status (settings):

 sudo ufw status verbose 

Disable (remove filtering rules):

 sudo ufw disable 

An example of adding and removing a special rule that allows you to make an incoming connection through a specific port:

 sudo ufw allow 22
 sudo ufw delete allow 22
  • Thanks, helped! As I understand it, after executing the sudo ufw enable command, all ports are automatically closed, and to open them, you need to register sudo ufw allow PORT NUMBER, right? If yes, then the question arises, why does sudo ufw deny PORT NUMBER exist, because the ports are closed by default? - Illya Illya
  • No, not all ports are closed. After turning on the firewall, some predefined ports remain open. In particular, 22 and 80, as well as some others, but only if programs that use them are installed. In addition, the command to close a port is needed in order to cancel the opening command symmetrical to it. - mymedia

There is another possible way to restrict access to the server only to local users of the computer. You can edit the /etc/apache2/ports.conf file, specifying the local IP address there.

 Listen 127.0.0.1:80

You need to add the part in italics and comment out the lines related to port 443.

After editing the configuration, do not forget to restart the web server.

 sudo systemctl restart apache2
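
A check to run after the ports.conf change, as an added example that is not part of the original answers: it reads listener lines in the format printed by `ss -Hltn` and prints every address on the given port that is not a loopback address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on a port that other hosts can reach,
# i.e. listeners bound to anything other than a loopback address.
# Input format: output of `ss -Hltn` (field 4 is "local-address:port").

# Constructed sample: listener table before and after the ports.conf change.
SAMPLE_BEFORE='LISTEN 0 511 *:80 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_AFTER='LISTEN 0 511 127.0.0.1:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# exposed_listeners PORT: reads listener lines on stdin and prints the
# non-loopback local addresses listening on PORT, one per line.
exposed_listeners() {
    awk -v port="$1" '
    {
        ep = $4
        # Split at the LAST colon, because IPv6 addresses contain colons.
        n = match(ep, /:[^:]*$/)
        if (n == 0) next
        addr = substr(ep, 1, n - 1)
        if (substr(ep, n + 1) != port) next
        sub(/%.*$/, "", addr)    # drop an interface suffix such as %lo
        sub(/^\[/, "", addr)     # drop IPv6 brackets
        sub(/\]$/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback: local only
        print addr
    }'
}

# is_local_only PORT: exit status 0 when stdin shows no exposed listener.
is_local_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_BEFORE" | exposed_listeners 80   # wildcard bind is reported
printf '%s\n' "$SAMPLE_AFTER" | is_local_only 80 && echo "port 80: loopback only"

# On the server itself: ss -Hltn | exposed_listeners 80
```

An empty result for port 80 means Apache is reachable only from the machine itself; a result of `*`, `0.0.0.0` or `::` means it still listens on every interface.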