Overclock.net › Forums › Specialty Builds › Servers › Limiting port 80 access
New Posts  All Forums:Forum Nav:

Limiting port 80 access

post #1 of 16
Thread Starter 
I use a home hosted web site for my own educational purposes, what I mean is there are only two people I want to allow access to my web site, myself and my instructor. I am not asking for step by step instructions on how to do this as this should be my job to find this out but I do ask if it is possible and if is it possible with just the tools inside XP (to modify my firewall somehow) or should this be done with some 3 rd party firewall software?

I think that perhaps a more permenant solution is to use an untangle box and I am not against this at all if this is the way to go. So briefly my goal is to severly restrict who can access my web site. As soon as I go online with the site it is like an avalanche of traffic trying to get in the site and I think some have gotten in as something as simple as my browser (IE7) is distorted in appearance and I can see a real slowdown in this ISP connection if the server is just up. I use XP Pro as my OS and Apache as my http server, this problem just started recently as the site was down for the Fall semester. What really bothers me is I do not advertise for people to visit my site. Do you think it would be a good idea to drop the ".com" extension and perhaps select an ".org"?
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
post #2 of 16
Add user level authentication into your webpage.

Look into configuring htaccess and create a user/password for accessing the webpage if you want to restrict access.
ShoopDaWoop
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7 920 ASUS P6T6 WS Revolution eVGA GTX 280 Corsair Dominator 6x2GB DDR3 
Hard DriveOptical DriveOSMonitor
150GB Velociraptor LG 22x DVD +-R/RW SATA Windows 7 Ultimate x64 2x SAMSUNG 206BW 
KeyboardPowerCaseMouse
Logitech G15 Gaming Keyboard Corsair 1 kW Cosmos 1000 Logitech G5 
  hide details  
Reply
ShoopDaWoop
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7 920 ASUS P6T6 WS Revolution eVGA GTX 280 Corsair Dominator 6x2GB DDR3 
Hard DriveOptical DriveOSMonitor
150GB Velociraptor LG 22x DVD +-R/RW SATA Windows 7 Ultimate x64 2x SAMSUNG 206BW 
KeyboardPowerCaseMouse
Logitech G15 Gaming Keyboard Corsair 1 kW Cosmos 1000 Logitech G5 
  hide details  
Reply
post #3 of 16
Thread Starter 
OK,I had never thought of doing it this way. There always seems to be a way to do something that others know about but I have not been exposed to. With the method you list I hope I can leave the Windows firewall up and when I or my instructor wants to go to the web site (to view my Dreamweaver lessons) we just use this credential method you list. Leaving the firewall down to allow access is just not working out any more. thanks +rep.
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
post #4 of 16
You'll wanna use a .htaccess file in the web root.



With something like

Order deny,allow
Deny from all
Allow from 86.468.46.26
Allow from 43.345.87.21
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 G0 3Ghz Asus P5K P35 HIS 4850 512MB 710/1110 4GB PC2-6400 (2x2GB) 
Hard DriveOSMonitorPower
Hitachi T7K500 320GB + 750GB NAS Windows 7 x64 2x 19" Hanns G 5ms (2880x900) EZCool 650Watt Modular 
Case
Aspire X-Plorer 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 G0 3Ghz Asus P5K P35 HIS 4850 512MB 710/1110 4GB PC2-6400 (2x2GB) 
Hard DriveOSMonitorPower
Hitachi T7K500 320GB + 750GB NAS Windows 7 x64 2x 19" Hanns G 5ms (2880x900) EZCool 650Watt Modular 
Case
Aspire X-Plorer 
  hide details  
Reply
post #5 of 16
You could also use the fire wall. Disallow all connections to port 80 and then add 2 exceptions for the IP's
    
CPUMotherboardGraphicsGraphics
i7 2600k Gigabyte P67-UD4-B3 GTX 580 GTX 580 
RAMHard DriveOSMonitor
Who cares? Intel SSD  Windows 7 Dell u3011 
MonitorPowerCaseMouse
Dell u3011 Seasonic x1200 800D G700 
AudioAudio
Xonar STX Beyerdynamic DT 990 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
i7 2600k Gigabyte P67-UD4-B3 GTX 580 GTX 580 
RAMHard DriveOSMonitor
Who cares? Intel SSD  Windows 7 Dell u3011 
MonitorPowerCaseMouse
Dell u3011 Seasonic x1200 800D G700 
AudioAudio
Xonar STX Beyerdynamic DT 990 
  hide details  
Reply
post #6 of 16
Thread Starter 
OK, some methods to consider. When you know exactly who you want to allow in it seems to make it a bit easier. I was working with the firewall down and other rigs on my dsl line were working slow so(and the activity light on my modem was going nuts) I shut down the server, things returned to normal. I concluded that the server was getting hit on repeatedly, then I noticed my browser(on the server) was all messed up (some images missing).+reps all

EDIT: Has anyone ever tried comm port file transfers? they are described in my XP book and I was wondering if this was a good way for file transfers for two computers that are close together. What I do is create html files in Dreamwerver on one computer then save them on the server (in the "htdocs" folder of Apache). With the server exposed like it has been (through port 80)I did not like to get too much going on it . The server is only a P4 (upgraded to a 2.8GHZ cpu) it struggled to run Dreamweaver with the 1.4 P4 it came with, perhaps now it works better. The idea with a home hosted web site is you don't expose your good stuff through port 80 (or any other port) as the potential to get infected is high. Ideally I would like to run Dreamweaver on the same machine that acts as my server, makes file transfers a snap. Using two machines file transfers work good but as of now I have been leaving the firewall down to do this.
Edited by PCCstudent - 12/20/10 at 2:32pm
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
post #7 of 16
Quote:
Originally Posted by PCCstudent View Post
EDIT: Has anyone ever tried comm port file transfers? they are described in my XP book and I was wondering if this was a good way for file transfers for two computers that are close together. What I do is create html files in Dreamwerver on one computer then save them on the server (in the "htdocs" folder of Apache). With the server exposed like it has been (through port 80)I did not like to get too much going on it . The server is only a P4 (upgraded to a 2.8GHZ cpu) it struggled to run Dreamweaver with the 1.4 P4 it came with, perhaps now it works better. The idea with a home hosted web site is you don't expose your good stuff through port 80 (or any other port) as the potential to get infected is high. Ideally I would like to run Dreamweaver on the same machine that acts as my server, makes file transfers a snap. Using two machines file transfers work good but as of now I have been leaving the firewall down to do this.
COM port is sloooowwwww...... Look for something like the Tornado cable to do quick and easy file transfers between two computers...
ESXi Host 1
(15 items)
 
  
CPUMotherboardGraphicsRAM
(2x) Intel Xeon E5520 Dell OnBoard Matrox G200 24GB DDR3 12x2GB UDIMMS (18 slots total) 
Hard DriveHard DriveHard DriveHard Drive
PERC6-RAID50 Intel 730 480GB Intel 320 300GB Synology DS414 iSCSI SAN 
OSMonitorKeyboardPower
VMWare vSphere5 Enterprise Plus Dell iDRAC6 Remote Management [KVM-Over-IP] Dell iDRAC6 KVM Dell Hot-Swap Redundant 1100W 
CaseMouse
Dell PowerEdge T710 Stock Dell iDRAC6 KVM 
  hide details  
Reply
ESXi Host 1
(15 items)
 
  
CPUMotherboardGraphicsRAM
(2x) Intel Xeon E5520 Dell OnBoard Matrox G200 24GB DDR3 12x2GB UDIMMS (18 slots total) 
Hard DriveHard DriveHard DriveHard Drive
PERC6-RAID50 Intel 730 480GB Intel 320 300GB Synology DS414 iSCSI SAN 
OSMonitorKeyboardPower
VMWare vSphere5 Enterprise Plus Dell iDRAC6 Remote Management [KVM-Over-IP] Dell iDRAC6 KVM Dell Hot-Swap Redundant 1100W 
CaseMouse
Dell PowerEdge T710 Stock Dell iDRAC6 KVM 
  hide details  
Reply
post #8 of 16
Thread Starter 
ComGuards,good to hear from you, I will google "tornado cable" right now. Hey I did get infected with the firewall down and port 80 open. The infection went to the Dreamweaver machine networked to it (both on XP). I fired up the Dreamweaver rig and the only place I could go was too a webpage from Qwest asking if I wanted the infection removed, I never knew Qwest would do that stuff.
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
post #9 of 16
Quote:
Originally Posted by PCCstudent View Post
ComGuards,good to hear from you, I will google "tornado cable" right now. Hey I did get infected with the firewall down and port 80 open. The infection went to the Dreamweaver machine networked to it (both on XP). I fired up the Dreamweaver rig and the only place I could go was too a webpage from Qwest asking if I wanted the infection removed, I never knew Qwest would do that stuff.
Back in the old days they wouldn't. But with current-generation malicious software that can possibly saturate WAN connections with spam, it's in their interest to offer *some* proactive protection or some such...

You should never need to drop the firewall on the WAN port... never ever.

If the webpage is only for you and your professor, I would personally NAT a higher-number port to avoid being scanned by malicious software. That is, on your router, translate external port 60080 to internal port 80, and point it to your web-server. Then to access it externally, you would use http://www.<domain>.com:60080. And then pair it up with authentication...
ESXi Host 1
(15 items)
 
  
CPUMotherboardGraphicsRAM
(2x) Intel Xeon E5520 Dell OnBoard Matrox G200 24GB DDR3 12x2GB UDIMMS (18 slots total) 
Hard DriveHard DriveHard DriveHard Drive
PERC6-RAID50 Intel 730 480GB Intel 320 300GB Synology DS414 iSCSI SAN 
OSMonitorKeyboardPower
VMWare vSphere5 Enterprise Plus Dell iDRAC6 Remote Management [KVM-Over-IP] Dell iDRAC6 KVM Dell Hot-Swap Redundant 1100W 
CaseMouse
Dell PowerEdge T710 Stock Dell iDRAC6 KVM 
  hide details  
Reply
ESXi Host 1
(15 items)
 
  
CPUMotherboardGraphicsRAM
(2x) Intel Xeon E5520 Dell OnBoard Matrox G200 24GB DDR3 12x2GB UDIMMS (18 slots total) 
Hard DriveHard DriveHard DriveHard Drive
PERC6-RAID50 Intel 730 480GB Intel 320 300GB Synology DS414 iSCSI SAN 
OSMonitorKeyboardPower
VMWare vSphere5 Enterprise Plus Dell iDRAC6 Remote Management [KVM-Over-IP] Dell iDRAC6 KVM Dell Hot-Swap Redundant 1100W 
CaseMouse
Dell PowerEdge T710 Stock Dell iDRAC6 KVM 
  hide details  
Reply
post #10 of 16
Thread Starter 
ComGuards, I have been doing a bit of reading about trying to "NAT" my Actiontech1000M modem and not alot of good is being said. I have found alot of good things with the CISCO 678 dsl Modem. The good things said is that port forwarding is much easier to setup. I can find the CISCO 678 for about $100.00 refurbished. What do you think about using the 678? I am in this for the long term and I don't mind having a second router.

Qwest sells their statics in blocks of 8 leaving 5 user assignable. I want to get 4 machines on my 5 user assignable (second site). I need to ask Qwest what their opinion is about the 678 but I believe it is one they use. Lots on the net about "NAT", much more than I thought there would be.
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
WC Rig
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7-930@4.05GHz ASUS P6X58D-Preminum XFX GeForce 275 896mb 6GB Corsair TR3X6G1600C8D 
Hard DriveOptical DriveOSMonitor
WD 150gb Raptor LightScan Win 7 64-bit Acer 22" 
KeyboardPowerCaseMouse
G15 Corsair HX620W Antec 1200 several various 
Mouse Pad
none 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Servers
Overclock.net › Forums › Specialty Builds › Servers › Limiting port 80 access