Koozali.org: home of the SME Server

Remove External Access to Port 80

PhilV

Remove External Access to Port 80
« on: May 27, 2004, 05:20:25 PM »
My httpd log is full of requests from IP addresses on the WAN trying to run various scripts on my server (of course these don't work, but it's annoying!).

How can I configure SME to not allow access to port 80 from external? I still need port 80 open for connections from the LAN (to access server manager and the like), and I still want my mail port open on both interfaces, but I do NOT want my primary domain presenting a web page to the outside world.

At the moment if I go to my URL it presents just the page with a file listing (which is empty) and the usual link to 'Parent directory' (which does nothing as that is already the root for the webserver). How do I stop my SME displaying this webpage at all?

Thanks,

Phil

Ed

Remove External Access to Port 80
« Reply #1 on: May 27, 2004, 07:24:37 PM »
I haven't tried, but:
1.  Turn off httpd-e-smith
    (Lose internal web page as well, but the server-manager is handled by httpd-admin)

or

2.  Port forward port 80 to an invalid internal address

Ed

raem

Re: Remove External Access to Port 80
« Reply #2 on: May 27, 2004, 07:41:00 PM »
> My httpd log is full of requests ...........it's annoying

This is the "joy" of having a server on the Internet!
These are not really a problem so just tolerate it.


> At the moment if I go to my url it presents just the page with a file listing.......how do I stop my SME displaying this webpage at all?

Just delete all the files in the Primary/html folder

If you change your configuration from "Server and Gateway" to "Private Server and Gateway", you will disable all external access. You have to log on as admin and run Configure this server again.

The world won't know you exist then!

Boris

Re: Remove External Access to Port 80
« Reply #3 on: May 27, 2004, 07:52:30 PM »
Quote from: "RayMitchell"
> If you change your configuration from "Server and Gateway" to "Private Server and Gateway", you will disable all external access. You have to log on as admin and run Configure this server again.
> The world won't know you exist then !

This will disable external e-mail as well.
As for the listing in the default folder, it shows when you don't have an index.html file. So create a simple one (even a blank page).

PhilV

Remove External Access to Port 80
« Reply #4 on: May 28, 2004, 11:35:19 AM »
So there is no easy way to just drop packets for port 80 on the external interface? I was thinking of using iptable / chains (can't remember which is the better), but I'm not too hot on how to manipulate them. Can anyone help me out there?

Thanks again,

Phil

mbachmann

Remove External Access to Port 80
« Reply #5 on: May 28, 2004, 01:13:28 PM »
Create an iptables custom template fragment and drop tcp/ip/udp/whatever/all requests to port 80.

Type iptables -L to see current rules.

Default template:
/etc/e-smith/templates/etc/rc.d/init.d/masq/

Custom template directory:
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/

Search for posts from bobk and our French friend Muzo a.k.a. MasterSleepy, they have good knowledge about this.

There has been a contrib "e-smith-denyport" but I don't know what's happened to it.
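
One way to carry out the suggestion in Reply #5, as an added example that is not part of the thread and not SME Server's own code: it writes a drop rule for port 80 on the external interface as a custom template fragment, then checks saved rules to confirm the drop is the first match on the WAN side while the LAN and the mail port stay open. The interface names eth0/eth1 and the fragment name 45DropExternalHTTP are assumptions, and the rule listing is constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the thread or from SME Server.
# Assumptions: external interface eth1, LAN interface eth0; the fragment
# name 45DropExternalHTTP is hypothetical.

# The rule itself: drop TCP to PORT only when it arrives on IFACE.
drop_rule() {  # usage: drop_rule IFACE PORT
    printf '/sbin/iptables -I INPUT -i %s -p tcp --dport %s -j DROP\n' "$1" "$2"
}

# Write the rule as a fragment in a custom template directory.
# Fragments are merged in name order, so check the result afterwards.
write_fragment() {  # usage: write_fragment DIR IFACE PORT
    mkdir -p "$1" || return 1
    drop_rule "$2" "$3" > "$1/45DropExternalHTTP"
}

# Read iptables-save output on stdin and print the target of the first INPUT
# rule naming tcp --dport PORT that applies to IFACE (a rule with no -i
# applies to every interface). Jumps into user chains are not followed.
first_verdict() {  # usage: iptables-save | first_verdict IFACE PORT
    awk -v ifc="$1" -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            i = ""; p = ""; pr = ""; j = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-p") pr = $(n + 1)
                if ($n == "--dport") p = $(n + 1)
                if ($n == "-j") j = $(n + 1)
            }
            if (pr == "tcp" && p == port && (i == ifc || i == "") && j != "") {
                print j; found = 1; exit
            }
        }
        END { if (!found) print "NONE" }'
}

# Constructed iptables-save output (not captured from a real server).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

sample_rules | first_verdict eth1 80
```

On a live server the same check would read from iptables-save instead of sample_rules, once for the external interface and once for the LAN interface.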