Installing Apache and port 80

I have installed Apache 2.2 (and PHP/MySQL) on my personal computer so I can run PHP scripts without needing to upload them every time to my server for testi开发者_如何学Gong.

The Apache is working on port 80, i.e. I can view my script by going to http://127.0.0.1:80/index.php .

My question is if there is any danger by using the Apache that way, in the sense that now port 80 is listening. Can anyone use this situation to attack my computer?

Thanks,

Joel

Only if it's bound to external addresses (usually any other than 127.0.0.1). Check the Listen directive in the configuration.

You're probably behind a router which blocks access to your computer.

So, no one can attack your computer using port 80 : Even if the port would be accessible from the internet, apache is a really sure software, if you don't run sensible code on it, you don't have to fear that some exploit a leak on it.

You should keep your firewall on so that people from the "outside world" can't connect to port 80 and see your files. That is the safest way of protecting yourself.

You can also block non-local traffic in you apache config file.

You could use this apache config option to make sure no-one else can connect to your server:

Listen 127.0.0.1:80

(You should already have a Listen 80 defined)

The best way is to have a good fire wall. Even though your router has a fire wall. Still you won't be 100% safe because even the White House computers got hacked once and same with Sony!

HUGE COMPANIES WITH EXPENSIVE FIREWALLS!!!!!

But IIS forbids acces to upper directories. Microsoft patched it so visitors can even get out of the SUBDOMAIN FILE IN THE WWWROOT FOLDER.

EX: WWWROOT/Subdomain/
                        ^^^ == NO EXIT