Websharing: preventing non-local access?
ipsych
Fresh-Faced Recruit
Join Date: Jun 2006
Status: Offline
Dec 6, 2007, 10:57 AM
 
Hello,

I'm using a php-wiki on my MacBook which runs smoothly with websharing activated. The problem is that I do not want to share its contents (I use it for my dissertation and it should not be shared). Besides closed wiki settings which demand a login, is there anything that I can do so that the wiki (i.e. the content in the "sites" folder) is only accessible from a browser on the machine itself but not from the web when the computer is online?

Thanks in advance and best regards

Daniel
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Dec 6, 2007, 11:35 AM
 
I don't think there's an issue unless you have Web Sharing turned on.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
S_J
Fresh-Faced Recruit
Join Date: Nov 2007
Status: Offline
Dec 6, 2007, 12:24 PM
 
ipsych,

One way is to use a separate firewall software to deny access from outside to your port 80. If you're using Leopard you can simply add a deny rule to your ipfw using something like Waterroof. If you're still on Tiger then you may want to consider using Apache's mod_access module (Apache module mod_access) to deny access to anyone except 127.0.0.1 (your computer).

If you're interested in a more full-blown firewall with some good additional security features, look into NetBarrier from Intego (intego.com). Then you can use NetBarrier to customize access to your machine.

Hope this helps!
Sincerely,
SJ
Security Generation- Mac OS X and Network Security News, Articles and Forums
http://www.securitygeneration.com
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Dec 6, 2007, 01:13 PM
 
Another thing you can do is change your Apache listen/bind port to 127.0.0.1. I *think* this will refuse connections using your WAN IP address. A firewall is also another way you can do this, as has been said.
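Added example, not part of the original post: Apache's `Listen` directive takes `[IP-address:]port`, and a bare port means every interface, so this sketch scans configuration text and reports each `Listen` line that is not bound to a loopback address. The sample configuration and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample httpd.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
# main listener
Listen 80
Listen 127.0.0.1:8080
Listen [::1]:8081
Listen 192.168.1.20:8443 https
  listen 0.0.0.0:8000
#Listen 10.0.0.1:81
"""

# Directive names are case-insensitive; commented-out lines do not match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def parse_listen(value):
    """Split a Listen argument into (address or None, port)."""
    if value.startswith("["):                 # [IPv6]:port
        addr, _, port = value[1:].partition("]:")
        return addr, int(port)
    if ":" in value:                          # IPv4:port
        addr, _, port = value.rpartition(":")
        return addr, int(port)
    return None, int(value)                   # bare port: every interface

def exposed_listeners(conf_text):
    """Return (line_no, address, port) for each Listen not bound to loopback."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = LISTEN_RE.match(line)
        if not m:
            continue                          # comments and other directives
        addr, port = parse_listen(m.group(1))
        try:
            local = addr is not None and ipaddress.ip_address(addr).is_loopback
        except ValueError:
            local = False                     # unparsable address: treat as exposed
        if not local:
            findings.append((line_no, addr or "*", port))
    return findings

if __name__ == "__main__":
    for line_no, addr, port in exposed_listeners(SAMPLE_CONF):
        print(f"line {line_no}: Listen {addr}:{port} accepts non-local connections")
```

An empty result means every `Listen` in the scanned text is loopback-only; files pulled in through `Include` have to be scanned separately.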
     
zro
Mac Elite
Join Date: Nov 2003
Location: The back of the room
Status: Offline
Dec 6, 2007, 03:31 PM
 
Mod-rewrite can do this also. Although IP spoofing could get around it.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !your.local.ip.address.
RewriteRule ^/(.*) http://%{REMOTE_ADDR}/ [L,E=nolog:1]
     
ipsych  (op)
Fresh-Faced Recruit
Join Date: Jun 2006
Status: Offline
Dec 7, 2007, 05:02 AM
 
Hello everyone,

Thanks for the helpful replies. I've used Waterroof and added some static rules (allow ip and tcp from 127.0.0.1 to 127.0.0.1 port 80 and deny from "not me" to 127.0.0.1 port 80).

Seems to work fine.

Thank you very much and best regards

Daniel
     
Gavin
Mac Elite
Join Date: Oct 2000
Location: Seattle
Status: Offline
Dec 8, 2007, 01:21 AM
 
You can also deal with it in the Apache config,
/etc/httpd/httpd.conf (or /etc/apache2/httpd.conf with Leo):

Order deny,allow
deny from all
allow from localhost
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
     
   
All contents of these forums © 1995-2017 MacNN. All rights reserved.