[ User ] Login

Bug 194: OPEN

By default, port 80 is not restricted to connections from localhost

Date: 2018-03-24 - Creator: bernhard - Priority standard - 1 message

I am testing a SliTaz 5.0 from another computer in the same network. I connect 
to the  slitazhost:80/ page from the outside, and it says:


Welcome to the SliTaz Busybox HTTP web server. You can delete or modify this 
page to put your own xHTML pages, web sites, CGI or PHP scripts. The server 
configuration file is /etc/httpd.conf. CGI support is activated by default 
using the SHell interpreter for *.sh and bugs.cgi config.cgi index.cgi files. 
This page is located in the server root directory /var/www. The default 
configuration is to allow connections only from localhost so port 80 is not 
open for security reasons.


I have not changed the web server configuration /etc/httpd.conf. So it seems 
that the assertion contained in the page that port 80 is available only from 
localhost is not correct.

Affected package(s): default/httpd

Messages

By: hgt on 2018-03-29 07:54

With SliTaz rolling I get:
The default configuration is to allow connections only from LAN, so port 80 is 
not open to the web for security reasons.
So it would be correct to accept connections from the same network.