Security for webserver behind router?

Ted Mittelstaedt tedm at
Wed Jan 19 23:25:02 PST 2005

> -----Original Message-----
> From: owner-freebsd-questions at
> [mailto:owner-freebsd-questions at]On Behalf Of Jay O'Brien
> Sent: Wednesday, January 19, 2005 10:06 PM
> To: FreeBSD - questions
> Subject: Re: Security for webserver behind router?
> Anthony Atkielski wrote:
> > Jay O'Brien writes:
> >
> > JOB> Thanks, but what I want to know is what risk I have
> with port 80,
> > JOB> and only port 80 open.
> >
> > The risk depends on Apache, since that's the daemon
> answering the phone
> > when someone calls in on port 80.
> >
> > Just make sure you're using the latest version of Apache
> (1.3.33, if you
> > want the 1.x version, or 2.0.52, if you want the 2.x version).  Some
> > earlier versions are vulnerable.  As long as Apache is
> secure, port 80
> > can be open.
> >
> I am running Apache 1.3.33, as you suggest I should. You say
> "as long as
> Apache is secure"; what should I do to be sure that Apache is secure?

Nothing, you nor nobody can do this.  All you can do is subscribe to
the Apache mailing list and if someone discovers a hole in Apache
at some point in the future, then you can immediately patch your
installation with the inevitable patch that will shortly follow.

> If there isn't a security risk with the FreeBSD system I've described,
> maybe this question belongs on the Apache mailing list, not here?

It is more accurate to say that a properly setup system contains
"no security holes KNOWN to the general public at the time that it
was setup"

There is no way to guarentee security.  People are always working
on code looking for holes.  Considering the hundred thousand or
so lines of code in the source of a FreeBSD system running Apache,
it is unrealistic to assume that every single bit of it is completely

Even the Motion Picture Association created a hole when
they came up with the CSS encryption standard that is used on every
DVD sold, and the MPAA has more money than God to throw into
coding (well, at least more money than anyone else in the business)
in short there is absolutely no guarentee no matter how much
money you shit out your arsehole over a project and no matter
how much money it's worth to you, that it can be guarenteed to
be secure.


More information about the freebsd-questions mailing list