From: Jay O'Brien
Date: Wed, 19 Jan 2005 18:48:48 -0800
To: FreeBSD - questions
Subject: Re: Security for webserver behind router?

RW wrote:
> On Wednesday 19 January 2005 07:21, Jay O'Brien wrote:
>
>>I've brought up a 5.3 Release machine as a learning tool,
>>with apache 1.3. It is on a LAN with Windows machines, and
>>port 80 (and only port 80) is open and directed by the
>>Linksys router to the FreeBSD machine. It is working fine so
>>far, but my learning curve is slower than I would like.
>>
>>I know that there's lots to learn and do later about
>>security, when I bypass the Router and use the FreeBSD box
>>as the NAT device, but for now I would like to confine my
>>learning to Apache, with only port 80 open. I do have ftp
>>and ssh enabled on the LAN for access by the Windows boxes.
>>
>>As I haven't done anything for security on the FreeBSD
>>machine, am I exposed to anything by having port 80 open? Is
>>there anything I should do now?
>
>
> It's in the nature of any webserver software that it provides rich picking for
> hackers.
>
> If it's a learning tool, don't expose apache to the internet, you can test it
> perfectly well from your local network. If you want to access it from a
> remote location, then setup your FreeBSD firewall to allow access from a
> limited range of ip addresses.
>

Thanks, but what I want to know is what risk I have with port 80,
and only port 80 open.

Jay