kryptotech

Only listen to requests from the local host

I actually have 2 parts to this question:

1.  How can you configure apache to only listen to requests on port 80 coming from the local host and not from anywhere else?  Everyone else should be connecting to 443.

2.  I've been reading the documentation on the Apache web site about redirection.  Can someone bypass redirection?  If so, can this be done only by not using regular expressions with the Redirect Directive?
giltjr

You may want to review:

https://www.experts-exchange.com/questions/22112895/How-can-I-get-rid-of-a-double-login-prompt-from-htaccess-over-SSL.html

This deals with forcing https on a web site.  I am not sure about splitting the request so that requests going to localhost are not forced to use SSL.
1.
The Listen directive takes an optional IP, set it to 127.0.0.1: http://httpd.apache.org/docs/2.0/mod/mpm_common.html#listen
As for Apache 1.3: http://httpd.apache.org/docs/1.3/mod/core.html#bindaddress
Or use a firewall to reject connections from hosts other than localhost.
2.
Not sure if I understand?
kryptotech

ASKER

On the listen directive if you use listen 127.0.0.1:80 does that mean that it will only listen for requests on port 80 coming from the local host?

If it's Apache 2.0+, yes.
But note that you have to enter a URL like http://localhost/ then.
Nice.  So if I do that then no one else could connect on port 80 and the server could still do internal communication.

On question 2, I wrote a better description if you could help:

Here's the problem.  I had a simple redirect on my web site that would
send everyone going to http://mysite.com to https://mysite.com and it
worked great, but if someone were to type in http://mysite.com/listing 
then they would not get redirected to the https site.

From this we created a rewrite rule that looked like this (if there's anything wrong with this, please let me know):

RewriteCond   %{REMOTE_HOST}  !^IPADDRESSOFSERVER/$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 <https://%{HTTP_HOST}/$1>[NC,R,L]

This seems to be working for site requests, but what we need to
accomplish is have all users get redirected to the https site except
for the local host.  The local host still needs to communicate on port
80 for some web features, but isn't able to with what we have in place.
 (Should IPADDRESSOFSERVER be localhost, 127.0.0.1, or the actual IP of
the Server?)


> Should IPADDRESSOFSERVER be localhost, 127.0.0.1, or the actual IP
Both in fact.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REMOTE_HOST} !=%{SERVER_ADDR}
RewriteCond %{REMOTE_HOST} !=127.0.0.1
RewriteCond %{HTTPS} =off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
ASKER CERTIFIED SOLUTION
ravenpl
That's great.  Thanks for your help.

Since I'm not real familiar with Rewrite rules, do you mind explaining what the difference would be in the original rule I posted and the last one you posted?
# if remote IP is different (!=) from server's IP
RewriteCond %{REMOTE_HOST} !=%{SERVER_ADDR}
# AND from localhost
RewriteCond %{REMOTE_HOST} !=127.0.0.1
# AND https protocol was not used
RewriteCond %{HTTPS} !=on
# ignore whatever user typed, but redirect to address combined from server's internal
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
The last line could (should?) look like
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

> RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 <https://%{HTTP_HOST}/$1>[NC,R,L]
will not work from .htaccess (!). The part in < > is invalid - should not be there at all.
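
The two options discussed in this thread (binding port 80 to loopback, or redirecting every non-local client to HTTPS), written out as an added example that is not code from any of the posters. It assumes Apache 2.4 with mod_rewrite loaded, rules placed in server configuration rather than .htaccess, an HTTPS virtual host defined elsewhere, and the placeholder name www.example.com.

```apache
# Option A: port 80 is bound to loopback only. Remote clients are not
# redirected; their connections to port 80 are simply refused.
#   Listen 127.0.0.1:80
#   Listen 443

# Option B: port 80 accepts everyone, and every non-local client is
# redirected to HTTPS for whatever path was requested.
Listen 80
Listen 443

<VirtualHost *:80>
    # Placeholder name (assumption, not from the thread)
    ServerName www.example.com

    RewriteEngine On

    # Leave loopback clients on plain HTTP (IPv4 and IPv6).
    RewriteCond %{REMOTE_ADDR} !=127.0.0.1
    RewriteCond %{REMOTE_ADDR} !=::1

    # Leave requests the server sends to its own address on plain HTTP.
    # A CondPattern is a literal or a regex and is not variable-expanded,
    # so both values are placed in the TestString and compared with a
    # backreference: the condition holds when the two addresses differ.
    RewriteCond %{REMOTE_ADDR}#%{SERVER_ADDR} !^([^#]+)#\1$

    # Build the target from the configured ServerName, not from the
    # client-supplied Host header. R=301 makes the redirect permanent;
    # a bare R, as used in the thread, sends a temporary 302.
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

Because the conditions test the connecting address, a reverse proxy or load balancer in front of Apache would make every request look like it came from the proxy, so the exemptions should be checked against the actual network path.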