How can I be sure no one accesses my localhost - security

I will like to host OwnCloud on my own machine, and access it via localhost (I don't know yet if this is possible, but if it's not, then the question remains valid, this is just to give you a better idea of the situation), however, I'm not completely sure that I'll be the only one being able to access it.
From looking at other similar questions, for example here ("How can I access my localhost server from other computers?"), I found that there is some configuration you have to do first if you want others to be able to access your localhost, and they even have to be in the same network.
However, in this other question ("How can I access my localhost from my Android device?"), I find that you can do it easily without any configuration.
Then the problem is, how to make sure no one, except my machine, can access the localhost?

If you have Apache, put Listen 127.0.0.1:80 on the configuration file and restart Apache.
Nginx is almost the same. Put listen 127.0.0.1:80; on the config file and restart Nginx.
After restarting your webserver, issue a netstat -an A | find "80" on Windows, or netstat -patune | grep 80 on Linux and see if the service is running only on 127.0.0.1. On my Linux I see something like this (notice 127.0.0.1:80):
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 0 9711 -
And only programs running on the same computer can access it now. You phone cannot, your router cannot, nobody outside your computer can even know that the port 80 is listening. Even knowing the IP, the port, and belonging to the same network is not possible to connect to it.

Related

Can connect to nginx server inside LAN but not publicly

I'm trying to set up a Mastodon instance on my Raspberry Pi 4 at home, running Raspbian/Debian Linux. I have no idea what I'm doing.
The nginx server is running, working. When I access it from localhost or from inside the LAN, it gives a result like this, as expected:
When I try to access it from outside the LAN, it eventually times out or gives a "connection was reset" error.
Or in firefox:
At first I suspected that it was a problem with my firewall, like maybe it was blocking HTTP traffic into it. But it's allowing HTTP traffic through. I even stopped the firewall entirely, but it's still doing the same thing. (I'm using IPTables)
All of the necessary ports should be forwarded to the pi on my optimum router:
Here's the site's nginx config, just an edited copy of mastodon's given nginx configuration template. I have the HTTPS server commented out, as I'm only working with HTTP right now. I'm trying to get the http server working so I can use certbot to get an SSL certificate, but certbot's unable to connect to the nginx server, runs into the same "connection reset" error. The server_name is irrelevant (or is it?) as i'm just trying to connect to it through IP right now, and commented out the other "location" properties that the template came with, as I'm just trying to get the server to work in the first place, running mastodon on it and getting the SSL certificate and getting the domain to work will come after.
What causes it to work inside LAN but not outside it? Even with the necessary ports forwarded to the pi?
Edit:
Here's what it looks like inside the LAN, working correctly:
and here's when I try to access it outside the LAN (through ProtonVPN in this case)
https://www.reddit.com/r/OPTIMUM/comments/rxjw1v/optimum_internet_not_forwarding_traffic_on_port_80/
By default, Optimum blocks ports 80 and 25, even if they are port-forwarded.
Optimum support referred me to this obscure page that I couldn't find linked anywhere on the site, did exactly what i needed: https://www.optimum.net/internet/boost/

Website not showing on lan but shows on host computer

I made a nginx server at 192.168.1.106 and I can access it from the host computer but it doesn't show when I access it on a computer in the same network. But I can ssh into the server from a different computer using the same address. I checked my firewall to make sure it isn't blocking anything.
How do I access the server form a different computer?
> iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The server_namedocs directive is used to identify virtual hosts, they're not used to set the binding.
netstat tells you that nginx listens on 0.0.0.0:80 which means that it will accept connections from any IP.
If you want to change the IP nginx binds on, you have to change the listendocs rule.
So, if you want to set nginx to bind to localhost, you'd change that to:
listen 127.0.0.1:80;
In this way, requests that are not coming from localhost are discarded (they don't even hit nginx).

How to access local web server from another computer

I know this may be asked in different threads, but I really couldn't find a solutions for my simple problem.
I have a web server (Ubuntu) on port 4000 running and I want to access it from my second computer (same network). I don't mind if it's exposed to the Internet (it's only temporally).
I can ping the web server computer, but port 4000 is not reachable.
Can some give me a simple solution for this problem? That would make my day.
EDIT:
I run jekyll serve
EDIT:
Okay I found a really helpful blog entry for solving my problem.
link
If you are running Apache2 webserver edit your configuration like this:
From:
Listen 127.0.0.1:4000
To:
Listen 4000
See https://httpd.apache.org/docs/current/en/bind.html for reference.
Configuration examples for nginx are available here: https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
Restart/reload your apache2 or nginx service to apply configuration changes.
Your webserver is now reachable through http://[webserverip]:4000

Amazon Nodejs webserver

I'm getting stuck here, so i have an amazon ec2 (standard redhat server) host up and working. i can connect to it personally no problem, however it cannot be connected to outside of my ip.
I've checked the rules and i have port 80 and 3000 open to 0.0.0.0/0 to be able to communicate, however outside of my computer (and computers in this network) i can not connect.
Everything I've found is about connecting to ssh which works fine, i have no rules in iptables, i haven't dealt much with them before, but since i can connect to the service i don't think its the issue.
summary:
Web server is running, i can connect from my computer to it, and any others in my local network, but nothing outside of it works.
i do have httpd installed as well as a simple forward from the browser to port 3000, however i cant connect to it either from outside my network.
so this is a new one for me, the dns forwarding works in houst, but not outside. so inside and outside here, i can use IP address to connect, but inside only i can connect with my dns lookup. not sure what caused this, but its not an amazon problem at least. going to look at that side.

Launching Azure debug from Visual studio and bind in * instead of 127.0.0.1

I am doing a small app using Windows Azure.
While debugging my app and I wanted to make a request from another computer and I couldn't get to it. Although I can see the IIS webpage.
Looking into netstat I found this:
TCP 0.0.0.0:80 Windows7-VBox:0 LISTENING
TCP 127.0.0.1:81 Windows7-VBox:0 LISTENING
TCP 127.0.0.1:82 Windows7-VBox:0 LISTENING
How can I make Azure bind to 0.0.0.0 instead of 127.0.0.1?
EDIT:
Here's a good link with the different options available.
Looks like http://www.iis.net/expand/ApplicationRequestRouting is the simple thing to do but I can't manage to get it working.
The rule is up and running but when I hit it from the other computer I just see a browser of files. Any idea?
No, for security reasons. (WA Simulation Environment runs elevated.)
But if you grab a port forwarder, you can probably rig something up.

Resources