Disabling access to the web server running on your local OSX machine
- 1 Messages
- Collapse All
- Expand All
- Subscribe
Jun 25
Jolle Carlestam Disabling access to the web server running on your local OSX machine
Jun 25, 2015; 18:27
Jolle Carlestam
Disabling access to the web server running on your local OSX machine
Here=92s a tidbit that might come in handy.
I suppose I am not the only one who=92s got Lasso installed on their local OSX workstation. And thus probably have Apache activated as well. We do this so that we can develop and test our solutions locally. Simple and convenient.
But, have you given any thought on if that also opens up for access from someone else on the same network?
Because it does. Might not be a real world issue as long as you=92re staying in your office and have your office network protected by state of the art firewalls. Snooping colleagues don=92t need to access your web server to see what you=92re working on. They can just as well peek over your shoulder.
If you on the other hand are using a laptop. And from time to time bring that laptop with you outside your office. For example to a nearby caf=E9 or an airport terminal. Know that as soon as you connect your laptop to the public WIFI in those places you are also activating a publicly available web server that anyone on the same WIFI can access. Do you really want that? All they need is your IP number. How hard can that be to guess?
Solution, as I figure it, is to activate the built in firewall that OSX provides. If you have not activated it yet, now is a really good time to do so.. For a lot of other reasons than to protect your local web server. In clear text; the local firewall should ALWAYS be ON.
However, activating the firewall is not enough. It needs some hands on tweaking as well. Once activated there=92s a button labeled Firewall Options, or something similar. Click it.
You probably don=92t want "Block all incoming connections=94 ticked. It will put your machine in a very restrictive mode and disallow a lot of things that you like. Like messaging, Skype, file sharing etc. When it=92s unticked you=92ll see a list of applications that you can select to Allow or Deny incoming access for. However, Apache, who=92s responsible for serving your web stuff, will not appear in the list. Nor is it easy to find by clicking the plus icon to select additional applications to block, or allow. The plus icon will only open up the regular Application folder and Apache is not located there. The computer is also not happy to provide you with ways to find Apache. It is hidden in directories that is not easily accessible thru normal paths.
The trick I used was to first have the select Application popup open in Firewall Options.
Then go to Finder and select the menu option =94Go to Folder=85=94.
In the dialog that pops up type =94/usr/=94 and hit return.
This will open up a new Finder window with the content of the usr folder.
In it there=92s a folder called sbin.
Drag that folder to System Settings and the Select application popup.
This will make the content of sbin available to choose.
In it there=92s something called httpd. That is the actual Apache executable. (yes, why would it be called Apache when httpd is a much more intuitive name)
Select it.
Once it shows up in the list of applications that the firewall should concern itself with, select to Deny incoming connections for it.
In my case, I already had lassoserver and lassospitfire as applications in the list. It=92s probably a good idea to deny access to them as well. If they don=92t appear in the list. Use the same procedure as when you located httpd and set them to Deny.
If there are smarter ways to do this I am all ears. Also, if I=92ve missed something so that my machine is still vulnerable, please speak up.
Enjoy
HDB
Jolle
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
I suppose I am not the only one who=92s got Lasso installed on their local OSX workstation. And thus probably have Apache activated as well. We do this so that we can develop and test our solutions locally. Simple and convenient.
But, have you given any thought on if that also opens up for access from someone else on the same network?
Because it does. Might not be a real world issue as long as you=92re staying in your office and have your office network protected by state of the art firewalls. Snooping colleagues don=92t need to access your web server to see what you=92re working on. They can just as well peek over your shoulder.
If you on the other hand are using a laptop. And from time to time bring that laptop with you outside your office. For example to a nearby caf=E9 or an airport terminal. Know that as soon as you connect your laptop to the public WIFI in those places you are also activating a publicly available web server that anyone on the same WIFI can access. Do you really want that? All they need is your IP number. How hard can that be to guess?
Solution, as I figure it, is to activate the built in firewall that OSX provides. If you have not activated it yet, now is a really good time to do so.. For a lot of other reasons than to protect your local web server. In clear text; the local firewall should ALWAYS be ON.
However, activating the firewall is not enough. It needs some hands on tweaking as well. Once activated there=92s a button labeled Firewall Options, or something similar. Click it.
You probably don=92t want "Block all incoming connections=94 ticked. It will put your machine in a very restrictive mode and disallow a lot of things that you like. Like messaging, Skype, file sharing etc. When it=92s unticked you=92ll see a list of applications that you can select to Allow or Deny incoming access for. However, Apache, who=92s responsible for serving your web stuff, will not appear in the list. Nor is it easy to find by clicking the plus icon to select additional applications to block, or allow. The plus icon will only open up the regular Application folder and Apache is not located there. The computer is also not happy to provide you with ways to find Apache. It is hidden in directories that is not easily accessible thru normal paths.
The trick I used was to first have the select Application popup open in Firewall Options.
Then go to Finder and select the menu option =94Go to Folder=85=94.
In the dialog that pops up type =94/usr/=94 and hit return.
This will open up a new Finder window with the content of the usr folder.
In it there=92s a folder called sbin.
Drag that folder to System Settings and the Select application popup.
This will make the content of sbin available to choose.
In it there=92s something called httpd. That is the actual Apache executable. (yes, why would it be called Apache when httpd is a much more intuitive name)
Select it.
Once it shows up in the list of applications that the firewall should concern itself with, select to Deny incoming connections for it.
In my case, I already had lassoserver and lassospitfire as applications in the list. It=92s probably a good idea to deny access to them as well. If they don=92t appear in the list. Use the same procedure as when you located httpd and set them to Deny.
If there are smarter ways to do this I am all ears. Also, if I=92ve missed something so that my machine is still vulnerable, please speak up.
Enjoy
HDB
Jolle
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Jun 26
Johan Solve Re: Disabling access to the web server running on your local OSX machine
Jun 26, 2015; 00:27
Johan Solve
Re: Disabling access to the web server running on your local OSX machine
Search
Thread Keywords
No keywords defined. Log in to define appropriate keywords
Lasso Programming
This site manages and broadcasts several email lists pertaining to Lasso Programming and technologies related and used by Lasso developers. Sign up today!