
Web server security

Posted: Tue Jun 17, 2014 1:17 am
by saltydog
I'm using lighttpd and have a php tcp socket server script in the root directory of the server.
In the home directory there is a python client script that also controls gpio.

I don't need the site to be accessible to anyone but myself.

Will password protecting the root folder, maybe also only allowing a single ip access, secure the site?

If not, would using a framework like flask and web-sockets be any better?

Re: Web server security

Posted: Tue Jun 17, 2014 3:10 am
by elatllat
If you want it secure from the rest of the www, firewall all but ssh and use an ssh key to proxy your browser through the firewall in ssh.

Re: Web server security

Posted: Tue Jun 17, 2014 9:25 am
by DougieLawson
sudo apt-get install ufw

UFW is a really easy way to control a Linux firewall with simple human-readable rules that get converted to incredibly complex iptables incantations.

You can control by port and ip address (or ip address block).

Also with Lighttpd you can control which address it listens on (default is INADDR_ANY) with server.bind = "ip.ip.ip.ip" in the config.
If you set server.bind = "127.0.0.1" it can only be connected by local users on your RPi.
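
An added example, not part of the thread or any poster's code: a small shell check that reads a lighttpd config on stdin and reports whether server.bind leaves the server on all interfaces (the default described above), on loopback only, or on one specific address. The sample configs are constructed, and the function name lighttpd_bind_scope and the host names in the comments are assumptions.

```shell
#!/bin/sh
# Classify the listen address of a lighttpd config read on stdin.
# Prints: loopback | all-interfaces | specific:<addr>
lighttpd_bind_scope() {
    # Strip comments, then take the quoted value of the first server.bind line.
    # Simplification: include files and conditional blocks are not followed.
    re='^[[:space:]]*server\.bind[[:space:]]*=[[:space:]]*"\([^"]*\)".*$'
    addr=$(sed -e 's/#.*$//' | sed -n "s/$re/\1/p" | head -n 1)
    case $addr in
        # No directive at all means the default, INADDR_ANY.
        '' | 0.0.0.0 | '::' | '[::]') echo "all-interfaces" ;;
        127.* | localhost | '::1' | '[::1]') echo "loopback" ;;
        *) echo "specific:$addr" ;;
    esac
}

# Constructed sample configs (not from the thread).
sample_default='server.document-root = "/var/www"
server.port = 80
# server.bind = "127.0.0.1"'

sample_local='server.document-root = "/var/www"
server.port = 80
server.bind = "127.0.0.1"   # local users only'

sample_lan='server.bind = "192.168.1.50"'

report() {
    printf '%-8s -> %s\n' "$1" "$(printf '%s\n' "$2" | lighttpd_bind_scope)"
}

report default "$sample_default"   # commented-out directive does not count
report local   "$sample_local"
report lan     "$sample_lan"

# With a loopback-only result, the owner can still reach the site from another
# machine over SSH, e.g. (placeholder user/host, assumed port numbers):
#   ssh -L 8080:127.0.0.1:80 user@raspberrypi   # then browse http://127.0.0.1:8080
```

On a real system the same function can be fed the live file, for example `lighttpd_bind_scope < /etc/lighttpd/lighttpd.conf` (the usual Debian path, assumed here).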

Re: Web server security

Posted: Wed Jun 18, 2014 1:29 am
by elatllat
'incredibly complex' is an exaggeration. iptables are quite readable.

Re: Web server security

Posted: Wed Jun 18, 2014 7:42 am
by DougieLawson
elatllat wrote:'incredibly complex' is an exaggeration. iptables are quite readable.
Not for the new Linux user they aren't.

UFW is a nice simple way to make it all easier.

Re: Web server security

Posted: Wed Jun 18, 2014 11:53 pm
by elatllat
ufw allow 22

vs

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Re: Web server security

Posted: Thu Jun 19, 2014 8:23 am
by DougieLawson
elatllat wrote:ufw allow 22

vs

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Exactly! The first command is much easier to understand and can be ufw allow ssh.

Re: Web server security

Posted: Thu Jun 19, 2014 9:42 am
by FLYFISH TECHNOLOGIES
Hi,
elatllat wrote:ufw allow 22
As input, output, forward... ?
elatllat wrote:iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Here there are no doubts... it should be extended with an interface item.


Best wishes, Ivan Zilic.

Re: Web server security

Posted: Thu Jun 19, 2014 10:13 am
by DougieLawson
FLYFISH TECHNOLOGIES wrote:Hi,
elatllat wrote:ufw allow 22
As input, output, forward... ?
UFW lets you control all of the iptables parms with nice simple English keywords. It really is more user friendly than iptables for the new Linux users.

http://manpages.ubuntu.com/manpages/sau ... ufw.8.html