You are not logged in.

#1 2022-09-30 11:32:52

m2arch
Member
Registered: 2022-08-28
Posts: 23

[SOLVED]Apache local server security

I am trying to set up local web server for php,mysql,apache but If I didn't wrong, there is a issue with security:

 
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp        0      0 127.0.0.1:80            127.0.0.1:57622         TIME_WAIT

I saw on the wiki say:

For the entries marked as LISTEN in the last column, look at the Listen column. It should always start with 127.0.0.1 or ::1 but not with 0.0.0.0.

This page

For this problem, I deleted xampp and installed apache in case apache can solve it, but still the same problem. If I can solve it with xampp php vs. I guess I can switch to xampp because it will be easier to set up, but if you say apache php, mysql is not that difficult and you can handle it better. I can try to learn.

Last edited by m2arch (2022-09-30 16:10:56)


English is not my native language. Please excuse my typing errors. You free to correct me.

Offline

#2 2022-09-30 11:50:02

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: [SOLVED]Apache local server security

The wording may be a bit confusing for readers not understanding netstat output. Addresses for the listening sockets are in the fourth column, in English locale named “Local Address”. The fifth column is for remote addresses. Your configuration is fine: the socket listens on 127.0.0.1 only.

— edit: clarified in the wiki; also replaced `netstat` with `ss`.

Last edited by mpan (2022-09-30 11:58:14)


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#3 2022-09-30 13:03:40

m2arch
Member
Registered: 2022-08-28
Posts: 23

Re: [SOLVED]Apache local server security

mpan wrote:

The wording may be a bit confusing for readers not understanding netstat output. Addresses for the listening sockets are in the fourth column, in English locale named “Local Address”. The fifth column is for remote addresses. Your configuration is fine: the socket listens on 127.0.0.1 only.

— edit: clarified in the wiki; also replaced `netstat` with `ss`.

Thank you. If someone need it:

  ss -tln                                              ─╯
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
LISTEN 0      0                  *:3306              *:* 

This is totaly fine.

I've already made security and performance tweaks to Apache. I wonder if I go back to "xampp" again, should I make these settings again? Or do those settings remain?


English is not my native language. Please excuse my typing errors. You free to correct me.

Offline

#4 2022-09-30 13:42:38

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: [SOLVED]Apache local server security

Is this the entire output of `ss -tln`? It only contains something listening on *:3306 — likely a MariaDB or MySQL. There is no trace of Apache httpd listening on :80. And, if that *:3306 is indeed the database server, the configuration is not what you wanted: it is visible to everybody, not only localhost.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#5 2022-09-30 14:22:18

m2arch
Member
Registered: 2022-08-28
Posts: 23

Re: [SOLVED]Apache local server security

mpan wrote:

Is this the entire output of `ss -tln`? It only contains something listening on *:3306 — likely a MariaDB or MySQL. There is no trace of Apache httpd listening on :80. And, if that *:3306 is indeed the database server, the configuration is not what you wanted: it is visible to everybody, not only localhost.

No I don't want to visible to internet. I just want to use on local for web development.

 ss -tln                                                          ─╯
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port Process
LISTEN  0       0            127.0.0.1:80          0.0.0.0:*
LISTEN  0       0                    *:3306              *:* 

This :3306 maybe keepassxc is the plugin I'm using?


English is not my native language. Please excuse my typing errors. You free to correct me.

Offline

#6 2022-09-30 14:34:57

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: [SOLVED]Apache local server security

3306 is the default port used by MariaDB and MySQL. Since you configure an *AMP deployment, I would first assume that this is one of those, not some other program.

If in doubt, you may ask ss to print information about the process owning the port:

sudo ss -tlnp

Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#7 2022-09-30 14:42:27

m2arch
Member
Registered: 2022-08-28
Posts: 23

Re: [SOLVED]Apache local server security

mpan wrote:

3306 is the default port used by MariaDB and MySQL. Since you configure an *AMP deployment, I would first assume that this is one of those, not some other program.

If in doubt, you may ask ss to print information about the process owning the port:

sudo ss -tlnp

I restarted the computer and it was gone.

 sudo ss -tlnp                                                    ─╯
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port Process
LISTEN  0       511          127.0.0.1:80          0.0.0.0:*     users:(("httpd",pid=3198,fd=3),("httpd",pid=3159,fd=3),("httpd",pid=3158,fd=3),("httpd",pid=3157,fd=3),("httpd",pid=3156,fd=3),("httpd",pid=3155,fd=3),("httpd",pid=3154,fd=3),("httpd",pid=3153,fd=3))

English is not my native language. Please excuse my typing errors. You free to correct me.

Offline

#8 2022-09-30 15:30:30

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: [SOLVED]Apache local server security

I assume this is solved then. Please consider adding “[SOLVED]” before the title.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#9 2022-09-30 16:11:40

m2arch
Member
Registered: 2022-08-28
Posts: 23

Re: [SOLVED]Apache local server security

mpan wrote:

I assume this is solved then. Please consider adding “[SOLVED]” before the title.

Thank you. I appericiate that.


English is not my native language. Please excuse my typing errors. You free to correct me.

Offline

Board footer

Powered by FluxBB