Securing Apache 2.2 on Windows XP

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Securing Apache 2.2 on Windows XP

Post by seodevhead »

Hey guys...

I just installed Apache 2.2 on Windows XP and want to make sure I don't have many security exploits available to any hackers out there. So I set my Listen directive in httpd.conf to 'Listen 127.0.0.1:80'.

Since it seems that Apache uses Port 80... I thought perhaps I would set up my home router to block port 80... is that smart? I know nothing about how ports work, nor if blocking port 80 would make anything more secure, or if I'd be messing up other stuff that may use port 80 (do other things use port 80?). Just thought I'd ask to see if any of you know a thing or two about this stuff.

Any other recommendations for securing WAMP? I set my router to block port 3306 to prevent any MySQL exploits.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Re: Securing Apache 2.2 on Windows XP

Post by timvw »

Imho, your router should be set up to deny all (incoming) connections... Only when you consider it absolutely necessary you should pinch holes to allow a specific type of traffic....
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Re: Securing Apache 2.2 on Windows XP

Post by seodevhead »

Really? That would be good. I use a Comcast gateway router... all our computers are wired. Do you know of a way to check and make sure all incoming connections are blocked? Thanks.
Doug G
Forum Contributor
Posts: 282
Joined: Sun Sep 09, 2007 6:27 pm

Re: Securing Apache 2.2 on Windows XP

Post by Doug G »

all our computers are wired. Do you know of a way to check and make sure all incoming connections are blocked?
www.grc.com has an online checker for open ports.
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Re: Securing Apache 2.2 on Windows XP

Post by seodevhead »

Hey Doug... man that is a really cool website.. thanks for the link.

I only failed one thing:

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

Icouldn't find anything on that website explaining what one should do if you fail this particular test. Since I am on a Comcast High-Speed Router... I'm not even sure if this is something I can do. Any idea how I would go abotu turning off ping reply? Thanks for your help.
Doug G
Forum Contributor
Posts: 282
Joined: Sun Sep 09, 2007 6:27 pm

Re: Securing Apache 2.2 on Windows XP

Post by Doug G »

ping is a tool to test connectivity from end to end using ICMP echo. I enable ping replies in remote sites I manage, but some prefer to disable ping replies to keep scanners from determining that there is some live server at the IP. For myself, I need to be able to tell if a remote site has died, so I need ping to function. If the rest of your security is under control, imho there is no risk in allowing ping replies from your site.
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Re: Securing Apache 2.2 on Windows XP

Post by seodevhead »

Hey Doug...

Well this is just a development server that isn't meant to be seen from the outside world. That's why I'm trying to take all the measures I can to make sure I'm not "putting myself out there" for mal-intents.
Post Reply