Hi All,
I have installed Apache 2.2.4 on my Linux machine, Fedora 2.6.18. I have enabled ssl while configuring. Now, when I am trying to start the server its giving me the error - (98)Address already in use: make_sock: could not bind to address [::]:80.
For that I ran the command # netstat -na | grep LISTEN.
The output is:
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:945 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
This is not showing 80 or 443 anywhere.
I am cluless as to why this is happening because before this when I had installed Apache2.2.4 without mod_ssl it was working fine for all non-secured pingings.
Thanks,
Sibani
Discussion on:
View:
Show:
First of all, if you want to see what has port 80 in use, don't grep for LISTEN, grep for 80.
netstat -an | grep 80
Secondly, since what you really need to know is what program has port 80 tied up, ask netstat that question:
netstat -an --program | grep 80
I'd bet it's httpd. Did you stop apache?
apachectl stop
netstat -an | grep 80
Secondly, since what you really need to know is what program has port 80 tied up, ask netstat that question:
netstat -an --program | grep 80
I'd bet it's httpd. Did you stop apache?
apachectl stop
Remove the default comments from httpd.conf
In that I have bad eye sight, I fully understand how things might be missed(don't need that service) because they are burried in the forest of comments. I've always left them in for reference(yes, I rtfm) but I also copy the origional httpd.conf to a backup before I make ANY changes after initial install. So, there always is that point of reference(rtfm).
I thought mod_security was installed as default? But, I don't think I realized it's full intention/potential. Have to read more on that one.
Dan
In that I have bad eye sight, I fully understand how things might be missed(don't need that service) because they are burried in the forest of comments. I've always left them in for reference(yes, I rtfm) but I also copy the origional httpd.conf to a backup before I make ANY changes after initial install. So, there always is that point of reference(rtfm).
I thought mod_security was installed as default? But, I don't think I realized it's full intention/potential. Have to read more on that one.
Dan
This is a very good article, extra credit for describing mod_security so well. There are simple how tos out there to get it up and running: http://www.howtoforge.com/apache_mod_security
And while the default rulesets you can get from the main mod_security site are good, I highly recommend getting the latest rules from gotroot and installing/using them instead or along with them: http://www.gotroot.com/mod_security
Lastly, in my consulting job I'm deploying a number of Apache instances, and had the time to really rework httpd.conf. I started with an empty file and went from there. It's currently only 59 lines, but I'm open to any/all opinions on it for improvements. See here for details and leave a comment if you have any:
http://fak3r.com/2007/06/15/apache-server-lockdown-challenge/
Thanks again for the article, this should be required reading for new Apache admins.
And while the default rulesets you can get from the main mod_security site are good, I highly recommend getting the latest rules from gotroot and installing/using them instead or along with them: http://www.gotroot.com/mod_security
Lastly, in my consulting job I'm deploying a number of Apache instances, and had the time to really rework httpd.conf. I started with an empty file and went from there. It's currently only 59 lines, but I'm open to any/all opinions on it for improvements. See here for details and leave a comment if you have any:
http://fak3r.com/2007/06/15/apache-server-lockdown-challenge/
Thanks again for the article, this should be required reading for new Apache admins.
http://www.nuclearelephant.com/projects/dosevasive/ is an Apache module designed to make Apache actively fight DOS attacks. It works for both 1.3 and 2.x versions of Apache.
with mod_fortress you have apache with it's own firewall and ids in one module
http://www.spunge.org/~io
For the Indexes issue, I personally turn them off globally in httpd.conf, then use an .htaccess to turn it on in any folder where I do need the functionality. I also make a generic index.html page that I put in every folder that apache can access that gets displayed instead of a listing of contents, just in case.
with mod_fortress you have apache with it's own firewall and ids in one module
http://www.spunge.org/~io
For the Indexes issue, I personally turn them off globally in httpd.conf, then use an .htaccess to turn it on in any folder where I do need the functionality. I also make a generic index.html page that I put in every folder that apache can access that gets displayed instead of a listing of contents, just in case.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
