Date: Wed, 19 Jan 2005 18:48:48 -0800 From: Jay O'Brien <jayobrien@att.net> To: FreeBSD - questions <questions@freebsd.org> Subject: Re: Security for webserver behind router? Message-ID: <41EF1C10.2090106@att.net> In-Reply-To: <200501200009.01258.list-freebsd-2004@morbius.sent.com> References: <41EE0A7B.0@att.net> <200501200009.01258.list-freebsd-2004@morbius.sent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
RW wrote: > On Wednesday 19 January 2005 07:21, Jay O'Brien wrote: > >>I've brought up a 5.3 Release machine as a learning tool, >>with apache 1.3. It is on a LAN with Windows machines, and >>port 80 (and only port 80) is open and directed by the >>Linksys router to the FreeBSD machine. It is working fine so >>far, but my learning curve is slower than I would like. >> >>I know that there's lots to learn and do later about >>security, when I bypass the Router and use the FreeBSD box >>as the NAT device, but for now I would like to confine my >>learning to Apache, with only port 80 open. I do have ftp >>and ssh enabled on the LAN for access by the Windows boxes. >> >>As I haven't done anything for security on the FreeBSD >>machine, am I exposed to anything by having port 80 open? Is >>there anything I should do now? > > > It's in the nature of any webserver software that it provides rich picking for > hackers. > > If it's a learning tool, don't expose apache to the internet, you can test it > perfectly well from your local network. If you want to access it from a > remote location, then setup your FreeBSD firewall to allow access from a > limited range of ip addresses. > Thanks, but what I want to know is what risk I have with port 80, and only port 80 open. Jay
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41EF1C10.2090106>