Comment 1 for bug 1845665

Rodrigo Barbieri (rodrigo-barbieri2010) wrote : Re: Apache hardening should disable (or provide the option to disable) http port 80

I believe regardless of hardening, if SSL is used, we could perhaps disable access to port 80 entirely.

I checked in my lab that the only way to effectively prevent port 80 from being open is to comment out or remove "Listen 80" from ports.conf.

Currently we do not handle that file. Perhaps we could manage it through the charm and add:

<IfModule !ssl_module>
        Listen 80
</IfModule>

Therefore, whenever ssl_module is not present, it will use port 80. I tested this in my lab, in one HTTP and one HTTPS deployment. With the above condition added in favor of the default "Listen 80", port 80 was open only in the HTTP env.
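
The conditional Listen proposed in the comment above can be checked offline, before a deployment, by evaluating the `<IfModule>` blocks in ports.conf against the set of loaded modules. This Python check is an added example, not part of the original comment or of the charm. Assumptions: the function names are hypothetical, the `ssl_module` / `Listen 443` stanza in the sample is constructed, modules are matched by identifier only (not by file name such as `mod_ssl.c`), and `Include` directives are not followed.

```python
import re

# Constructed sample: the block proposed in the comment, plus an assumed
# SSL stanza (not quoted from the page).
PORTS_CONF = """\
<IfModule !ssl_module>
        Listen 80
</IfModule>

<IfModule ssl_module>
        Listen 443
</IfModule>
"""

OPEN_RE = re.compile(r"<IfModule\s+(!?)([\w.]+)\s*>", re.I)
CLOSE_RE = re.compile(r"</IfModule\s*>", re.I)
LISTEN_RE = re.compile(r"Listen\s+(\S+)(?:\s+\S+)?", re.I)  # optional protocol


def effective_listen(conf_text, loaded_modules):
    """Return the Listen arguments that are active for the given modules."""
    stack = []   # one bool per open <IfModule>: does its condition hold?
    active = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN_RE.fullmatch(line)
        if m:
            present = m.group(2) in loaded_modules
            stack.append(not present if m.group(1) else present)
        elif CLOSE_RE.fullmatch(line):
            if not stack:
                raise ValueError(f"line {lineno}: unmatched </IfModule>")
            stack.pop()
        else:
            m = LISTEN_RE.fullmatch(line)
            if m and all(stack):  # all([]) is True: top-level Listen counts
                active.append(m.group(1))
    if stack:
        raise ValueError("unclosed <IfModule>")
    return active


def plain_http_open(conf_text, loaded_modules):
    """True if any active Listen directive binds port 80."""
    return any(arg.rsplit(":", 1)[-1] == "80"
               for arg in effective_listen(conf_text, loaded_modules))
```

Prepending the default unconditional `Listen 80` to the sample makes `plain_http_open` return True even with `ssl_module` loaded, which is the case the comment wants to eliminate.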