Solved

Protect access to local web server from unauthorized access (port 80)

Posted on 2014-02-07
8
405 Views
Last Modified: 2014-03-10
Hi,

I have a local web server running on my computer and would like to be able to access it from outside by forwarding port 80.

This works, but now everybody can access it. Is there a why to protect access to the local web server from unauthorized access? I read about .htaccess and .htpassword but that level of protection doesn't meet my standards.

Is there a better / more reliable method available?

Thanks!
0
Comment
Question by:peps03
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 29

Assisted Solution

by:Michael W
Michael W earned 75 total points
ID: 39843495
What is it you're trying to protect? .htaccess / .htpassword is for basic needs.

If you are wanting something a bit more robust, you possible need to look at using PHP and a custom application for such secure needs.

Something else you can try is using a different listening port, so instead of port 80, use something like 4444 -- something not commonly seen as a Apache/WWW server port.
0
 
LVL 33

Assisted Solution

by:shalomc
shalomc earned 200 total points
ID: 39843724
Basic authentication is not as sexy as php login + session cookie.
But it provides exactly the same level of security.
You may throw in SSL. This can serve to protect your login details and data from snooping eyes, and also be used for authentication by certificate. This method is as strong as it gets.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 225 total points
ID: 39844435
1. I disagree that basic authentication provides EXACTLY the same level of security as a PHP session. A PHP session can be configured to be a little more robust than basic authentication (e.g. rotating session IDs, custom checks, combination of Javascript or CAPTCHA to harden against brute force, etc...). You could set it up to be a similar level, but typically it's not done that way.

2. I agree that SSL can help protect the data during transmission. Always a good idea (even if it's self-signed SSL). Client certificate authentication is a little more complex to set up than server-driven SSL, but it -is- indeed, one of the most secure methods you can use for authentication.

3. All that said, it SOUNDS like you just want access to port 80 to be restricted to a given IP address. If that's the case, you can either use a firewall (iptables for Linux or Windows Firewall for Windows are both good choices), or you can implement IP restrictions within your web server configuration using the Allow / Deny directives in your Apache config. The Apache docs have some good examples:

http://httpd.apache.org/docs/2.2/howto/access.html
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:peps03
ID: 39848619
Thanks!

What would be a good way to protect the root and it's sub folders with php?

I think the things you name in point 3 are good options, but i would like to combine one of them with a php security measure.
What would be advisable?

>i think point 2 is too hard to set up for me?
0
 
LVL 29

Expert Comment

by:Michael W
ID: 39852839
0
 

Author Comment

by:peps03
ID: 39894648
A htaccess and htpasswd could password protect the whole server if i place it in the root, as it also works for all (sub)folders.

Could php do that as well? Aren't php security measures moreover intended to secure individual files or websites?

Is it possible to limit htpasswd log in attempts? (as this would be possible with php protection)

Thanks
0
 
LVL 33

Assisted Solution

by:shalomc
shalomc earned 200 total points
ID: 39895505
> Could php do that as well?
Only if the web site is designed from the roots up with this in mind. For example, in a CMS that manages users and had an internal authorization scheme.
When the web site was not designed with authentication and authorization, adding it on afterwards as application logic requires extensive rewrites and modofocations.
htpasswd is completely independent of application logic.

> Is it possible to limit htpasswd log in attempts? (as this would be possible with php protection)
Base authenticatin throws a 403 error back to the browser. By default, browsers will display an error page after several attempts. Using php you could write authentication code that freezes accounts after severl failures, create password resets, add captchas etc. It will be difficult to do the same with basic auth.
0
 

Author Closing Comment

by:peps03
ID: 39917773
Thanks all for your replies!
I'll take all the possibilities into account. Limiting access with ip-tables / firewall sounds good in combination with some other measures.
Thanks
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction People like FTP.  It's a solid, stable, robust protocol for quickly transferring files between two hosts using TCP/IP.  In most cases it's much faster than SMB or CIFS, and certainly much easier to set up between organizations.  This…
Hello, As I have seen there a lot of requests regarding monitoring and reporting for exchange 2007 / 2010 / 2013 I have decided to post some thoughts together and link to articles that have helped me. Of course a lot of information you can get…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question