Security for webserver behind router?

[RW]

On Wednesday 19 January 2005 07:21, Jay O'Brien wrote:
> I've brought up a 5.3 Release machine as a learning tool,
> with apache 1.3. It is on a LAN with Windows machines, and
> port 80 (and only port 80) is open and directed by the
> Linksys router to the FreeBSD machine. It is working fine so
> far, but my learning curve is slower than I would like.
>
> I know that there's lots to learn and do later about
> security, when I bypass the Router and use the FreeBSD box
> as the NAT device, but for now I would like to confine my
> learning to Apache, with only port 80 open. I do have ftp
> and ssh enabled on the LAN for access by the Windows boxes.
>
> As I haven't done anything for security on the FreeBSD
> machine, am I exposed to anything by having port 80 open? Is
> there anything I should do now?

It's in the nature of any webserver software that it provides rich picking for 
hackers.

If it's a learning tool, don't expose apache to the internet, you can test it 
perfectly well from your local network. If you want to access it from a 
remote location, then setup your FreeBSD firewall to allow access from a 
limited range of ip addresses.