Apache2Triad Help, Support and Development The apache2triad help, support and development forums
Costaud
Joined: 10 Feb 2007
Posts: 1
|
| Posted: Sat Feb 10, 2007 12:19 pm Post subject: Security question |
|
|
Hello,
I'm wondering if installing Apache2Triad will make my PC a server that anyone can access?!
I just want it as a personal server (localhost), to test my scripts locally.
Please advise. |
|
lku homer
Joined: 29 May 2006
Posts: 104
|
| Posted: Sat Feb 10, 2007 5:34 pm Post subject: |
|
|
No, just installing A2T will not automatically open up your computer for the world to see. The default install doesn't automatically set your "server" as open; in fact, if you look around, most people can't get it to open up even when they are trying to.
As long as you don't open up your firewall to the outside, your server will not be able to be accessed by anyone outside your localhost. |
|
gizmo7
Joined: 16 Apr 2007
Posts: 7
|
| Posted: Mon Apr 16, 2007 5:24 pm Post subject: |
|
|
I'm having the same question...does someone here know the answer?
You see I run a few sites, and one of them is a blog. Now I'm new to the blog community, but I did join MyBlogLog, and here I forgot and I placed their tracking js code on my test (mirror) site on my PC. This is all just for tests, nothing more, as in customizing the look and feel or testing whether a plugin works...for my WordPress site.
So anyway,
I realized something was not right when looking at my stats inside MyBlogLog (if you guys are bloggers and part of the community there, you'll know what I mean...) I could see a link to my http://localhost/mysitename under my MBL stats panel and the views showed 14 views to be precise. I don't know whether the 14 views were my own or not, but obviously not...when I clicked the link, and behold...it connected to my localhost test site!!
Can you believe that?
So, I deleted the entire Apache2Triad and every folder in there, and now I am really NOT sure whether http://localhost/mytestsite cannot be accessed by outsiders...my experience shows it can...
So, if anyone can find the time (and be so kind), please explain to me, how I set A2T again and not have it accessible to anyone but myself??
Thank you :(
P.S: Forgot to mention, but I noticed before that Google Ads can run on my localhost sites and (have the precise targeting to boot), so that means Google staff could also access my test sites all this while, am I right? :roll: |
|
lku homer
Joined: 29 May 2006
Posts: 104
|
| Posted: Mon Apr 16, 2007 6:21 pm Post subject: |
|
|
No one should be able to access your localhost. Ever.
But anyway, you can have each VHost on a different ListenPort. From there you can open up only the ports that you want the public to access. That should be all you need to do. I am not 100% on this since I have never had to deal with it. |
|
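A check related to the question and the reply above, as an added example that is not part of any post in this thread: whether Apache answers only on localhost depends on the address given in its `Listen` directives (a bare port means every interface), and this Python script classifies them. The config text is constructed for illustration, and `classify`, `audit_listen` and `exposed_ports` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample httpd.conf fragment (not from a real Apache2Triad install).
SAMPLE_CONF = """\
# Listen 8080
Listen 80
Listen 127.0.0.1:8081
Listen [::1]:8082
Listen 192.168.1.20:8083 http
Listen 0.0.0.0:443
"""

# Apache syntax: Listen [IP-address:]portnumber [protocol]
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)(?:\s+\S+)?\s*$",
    re.IGNORECASE,
)

def classify(host):
    """Map the address part of a Listen directive to an exposure class."""
    if host is None:
        return "all-interfaces"      # bare port: every local address
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "unknown"             # not a literal IP; review by hand
    if ip.is_unspecified:            # 0.0.0.0 or [::]
        return "all-interfaces"
    if ip.is_loopback:               # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"        # reachable on that network

def audit_listen(conf_text):
    """Return (port, host, exposure) for each active Listen directive."""
    rows = []
    for line in conf_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            rows.append((int(m.group(2)), m.group(1), classify(m.group(1))))
    return rows

def exposed_ports(conf_text):
    """Ports that answer on something other than loopback."""
    return [p for p, _, e in audit_listen(conf_text) if e != "loopback-only"]

if __name__ == "__main__":
    for row in audit_listen(SAMPLE_CONF):
        print(row)
```

A port reported as `all-interfaces` or `single-interface` is reachable from other machines only if the firewall or router also passes traffic to it; binding to `127.0.0.1` removes that dependency.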
gizmo7
Joined: 16 Apr 2007
Posts: 7
|
| Posted: Tue Apr 17, 2007 12:33 pm Post subject: |
|
|
Quote: No one should be able to access your localhost. Ever.
I thought so too...but that was before I could actually click on the link and my localhost site opens up. Not only that, when I deleted the folder the localhost site was under, the http://localhost/ showed all the other directories in the root !!
:shock:
I really hope others can chime in, if you don't believe me, why not connect to the internet using an open relay port, (the one that gives you dynamic IPs every time...maybe your ISP is like that)...I hope I am sounding correct, since I don't understand server talk...and then create an account on MyBlogLog, and create a localhost site and then place their JS code on your script, use a Wordpress install.
You will see your link appear there in your stats on MyBlogLog, and you CAN connect to your localhost site just by clicking that link.
I am very concerned about what this means, I could be wrong... |
|
lku homer
Joined: 29 May 2006
Posts: 104
|
| Posted: Tue Apr 17, 2007 2:43 pm Post subject: |
|
|
| If you open up http://localhost/site on your browser, you will get your site. If I open http://localhost/site in my browser, I will get my site. Under no circumstance will I be able to type in http://localhost/site and get your site. It is not possible for me to get a localhost that is on your server. |
|
gizmo7
Joined: 16 Apr 2007
Posts: 7
|
| Posted: Wed Apr 18, 2007 12:29 pm Post subject: |
|
|
Thanks for the enlightenment, Iku....
But just wondering about the MyBlogLog incident, and the fact there were 14 views listed for that http://localhost/mysite link...in my stats control panel over there at MyBlogLog....
I'm still wondering if MyBlogLog staff could actually peer in considering, I embedded their JS tracking code (to track MyBlogLog) visitors in my test site.
Sorry, if I'm fuzzy on this...server lingo has me all blur. |
|
lku homer
Joined: 29 May 2006
Posts: 104
|
| Posted: Wed Apr 18, 2007 12:35 pm Post subject: |
|
|
| No, it is not possible for someone else to view your localhost. The js you put on your localhost site can send information out, but it is not possible for anything to go into it. |
|
gizmo7
Joined: 16 Apr 2007
Posts: 7
|
| Posted: Thu Apr 19, 2007 5:06 am Post subject: |
|
|
Just an update:
I sent MyBlogLog an email regarding my concerns about the localhost link in my stats and I just received an email reply from them (18 April):
My original email to them:
Quote: Hello MBL,
I have a question I need to ask you. I use my localhost extensively for code testing, and what works or what doesn't work can be corrected fast.
But, the problem is, now when people view my profile, they can see my URL to my localhost and actually connect to my PC from the URL. I have yet to find out a way to make my PC a private server, so in the meantime, it goes without saying it's not secure, right?
In future, I hope that a workaround can be found for this, so that my localhost site doesn't get bunched up in my stats for everyone to see. I think it's better to disallow this URL stats viewing altogether....do let me know your say
Their reply:
Quote: Hi to (me),
This has been suggested in the past and we’ll be working to exclude localhost urls from appearing in your stats in the not too distant future.
Thank you for the suggestion!
From their email, it sounds as if they (MBL staff) or anyone could actually see a localhost site... :o
If they couldn't, they would have said so? At the time I emailed them, I was under the impression that my localhost was accessible. Their reply didn't say it wasn't.
Comments, anyone? |
|
lku homer
Joined: 29 May 2006
Posts: 104
|
| Posted: Fri Apr 20, 2007 3:32 am Post subject: |
|
|
| No. They cannot see your localhost. They want to take the localhost away. The easy way to do it is to take the JS off the localhost site. |
|