 |
 |
Websharing: preventing non-local access?
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jun 2006
Status:
Offline
|
|
Hello,
I'm using a php-wiki on my MacBook which runs smoothly with websharing activated. The problem is, that I do not want to share its contents (I use it for my dissertation and it should not be shared). Besides closed wiki settings which demand a login is there anything that I can do, so that the wiki (i.e. the content in the "sites" folder) is only accessible from a browser on the machine itself but not from the web when the computer is online?
Thanks in advance and best regards
Daniel
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Online
|
|
I don't think there's an issue unless you have Web Sharing turned on.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
ipsych,
One way is to use a separate firewall software to deny access from outside to your port 80. If you're using Leopard you can simply add a deny rule to your ipfw using something like Waterroof. If you're still on Tiger then you may want to consider using Apache's mod_access module ( Apache module mod_access) to deny access to anyone except 127.0.0.1 (your computer).
If you're interested in a more full-blown firewall with some good additional security features, look into NetBarrier from Intego (intego.com). Then you can use NetBarrier to customize access to your machine.
Hope this helps!
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Another thing you can do is change your Apache listen/bind port to 127.0.0.1. I *think* this will refuse connections using your WAN IP address. A firewall is also another way you can do this, as has been said.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Nov 2003
Location: The back of the room
Status:
Offline
|
|
Mod-rewrite can do this also. Although IP spoofing could get around it.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !your.local.ip.address.
RewriteRule ^/(.*) http://%{REMOTE_ADDR}/ [L,E=nolog:1]
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jun 2006
Status:
Offline
|
|
Hello everyone,
thanks for the helpful replies. I've used Waterroof and added some static rules (allow ip and tcp from 127.0.0.1 to 127.0.0.1 port 80 and deny from "not me" to 127.0.0.1 port 80.
Seems to work fine.
Thank you very much and best regards
Daniel
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 2000
Location: Seattle
Status:
Offline
|
|
you can also deal with it in apache config
/etc/httpd/httpd.conf ( or /etc/apache2/httpd.conf with Leo)
Order deny,allow
deny from all
allow from localhost
|
|
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top
