Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 19 Jan 2005 23:20:34 -0800
From:      pete wright <nomadlogic@gmail.com>
To:        Jay O'Brien <jayobrien@att.net>
Cc:        FreeBSD - questions <questions@freebsd.org>
Subject:   Re: Security for webserver behind router?
Message-ID:  <57d710000501192320dbce397@mail.gmail.com>
In-Reply-To: <41EF4A34.4020808@att.net>
References:  <41EE0A7B.0@att.net> <200501200009.01258.list-freebsd-2004@morbius.sent.com> <41EF1C10.2090106@att.net> <1493773909.20050120042307@wanadoo.fr> <41EF4A34.4020808@att.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Jan 2005 22:05:40 -0800, Jay O'Brien <jayobrien@att.net> wrote:
> Anthony Atkielski wrote:
> 
> > Jay O'Brien writes:
> >
> > JOB> Thanks, but what I want to know is what risk I have with port 80,
> > JOB> and only port 80 open.
> >
> > The risk depends on Apache, since that's the daemon answering the phone
> > when someone calls in on port 80.
> >
> > Just make sure you're using the latest version of Apache (1.3.33, if you
> > want the 1.x version, or 2.0.52, if you want the 2.x version).  Some
> > earlier versions are vulnerable.  As long as Apache is secure, port 80
> > can be open.
> >
> 
> I am running Apache 1.3.33, as you suggest I should. You say "as long as
> Apache is secure"; what should I do to be sure that Apache is secure?
> 
> If there isn't a security risk with the FreeBSD system I've described,
> maybe this question belongs on the Apache mailing list, not here?
> 

If you are interested in learning about how FreeBSD works, and am
concerned about security (which frankly are two good things to be
concerned with) then your best bet is to check the man pages as well
as the handbook:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html
(all good things to read)

strictly speaking, by opening a port and exposing a service, an attack
vector is created which someone could use against you.  the best way
to deal with this is to know what applications you are running to
monitor them.  as of now though there does not seem to be an open
security hole with that version of apache...altho who knows what will
happen tommorow.
HTH
-pete



-- 
~~o0OO0o~~
Pete Wright
www.nycbug.org
NYC's *BSD User Group



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57d710000501192320dbce397>