Can I make apache web server local to my PC?

I installed the Apache web server on my PC because I want to work on some cgi perl scripts that are being called from a web page.

To minimize the probability of some hacker attacking my PC through a web server vulnerability, is there a way to tell Apache to repond only to web page requests coming from my PC?

More generally, how vulnerable is my PC now that I am running Apache, and do you have any tips on minimizing Apache’s vulnerability?

(FYI, I have up-to-date firewall and anti-virus software, and I’m on DSL)

In your Apache configuration, make sure your server is only listening on 127.0.0.1. (This should be the default.) That way, the server will not respond to requests that come in over any public interface.

In your firewall setup, make sure you block incoming requests to port 80. Note that this will only allow you to access the Apache server from the machine itself; any other machine will have to go through that firewall and will be blocked.

Finally, on a semi-unrelated note, make sure to turn on strict and warnings in your Perl code!

A second option would be running the web server on a virtual PC installed under your other OS. This has some advantages that may be obvious to you, including a number of compatibility tests, but for your application it has the advantage that you can set up host-only networking using the virtual PC software.
You may wish to look at Microsoft Virtual PC '04 or VMWare Server, perhaps other revisions of these.

VMware Server is free but just like any virtual software if you want to run windows you need a licenced for your host os and the firtual system. Linux is a better choice for a virtual system

How can I verify that it has indeed been set up that way by default?

Always do :slight_smile:

On Linux, you’d probably be looking at something like /etc/apache2/listen.conf. I’m not sure where it would be on Windows (C:/Program Files/Apache/conf?), but the file is probably still called listen.conf.

I’m pretty sure Apache2 is NOT set up this way by default, at least in my listen.conf it has the following comment:

Change this to Listen on specific IP addresses as shown below to

prevent Apache from glomming onto all bound IP addresses (0.0.0.0)

So for example you would want yours to say:
Listen 127.0.0.1:80

Anyway, if you have any kind of decent firewall it should be blocking connections by default, and you’d have to open up port 80 or 443 for anybody to be able to connect.

Assuming nobody can connect to Apache from outside, I don’t think you have anything more to worry about now than you did before you installed it. Even if you did open it up to the internet, if you are running the latest version I don’t think there is too much to worry about from Apache itself. I believe it’s reasonably secure these days. Your Perl scripts, on the other hand, I can’t comment on. :slight_smile: