How to change the HTTP listening port in Apache

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

As just about any IT admin knows, the default web server port is 80. And that's great. But the thing is, hackers know that port 80 is the default and target it with ease. What if you didn't have to leave the Apache web server vulnerable to port 80 attacks? Considering you can easily change the configuration such that your Apache virtual hosts will listen to non-standard ports, it makes perfect sense for anyone having trouble with port 80 attacks.

The one caveat to this is that when you change the default port, all browsers will have to point to that specific port, otherwise any virtual host using the non-default port will not render. 

This is also a good trick to have up your sleeve when you have a single Apache server hosting sites that might require using different ports for different services. For instance, if you have a site for customers on port 80 and you want to serve up a site for clients on port 8081. With Apache, that's not only possible, it's easy.

Let me show you how you can change the port for Apache. I'll demonstrate on Ubuntu Server 18.10, but will also give indications on how the process is done on Red Hat and Fedora-type servers.

SEE: Choosing your Windows 7 exit strategy: Four options (TechRepublic Premium)

What you'll need

The only things you need are a running LAMP server and a user account with sudo privileges. The "L" portion of LAMP could be Ubuntu, SUSE, Red Hat, Debian, Fedora Server, or nearly any Linux distribution.

How to add the new port

The first thing we'll do is add to the default listening Apache port. To do this, log in to your Linux server and issue one of the following commands:

  • For Ubuntu/Debian-based servers - sudo nano /etc/apache2/ports.conf
  • For Red Hat-based servers - sudo nano /etc/httpd/conf/httpd.conf

In the now-open file (Figure A) add Listen 8081 under the Listen 80 line.

Figure A

lampportsa.jpg

The ports.conf file in Ubuntu Server.

Save and close the file.

How to configure the virtual host

Now we need to configure our virtual host to listen to the new port. I'll demonstrate with the default virtual host, but you can modify this to fit any virtual host you've added to Apache. Open the virtual host file with the command:

sudo nano /etc/apache/sites-enabled/000-default.conf

For Red Hat-based systems, the virtual host files are found in /etc/httpd/conf.d/.

At the top of the file, you'll see the beginning of the directive:

<VirtualHost *:80>

Change that line to:

<VirtualHost *:8081>

Save and close the file.

Restart Apache with the command:

sudo systemctl restart apache2

Or for Red Hat-based systems:

sudo systemctl restart httpd

You should now be able to point a browser to http://SERVER_IP:8081 (Where SERVER_IP is the IP address of the hosting server) to see the Apache welcome site (Figure B), or the welcome page of your virtual host.

Figure B

lampportsd.jpg

A familiar page.

Extra work with Red Hat 

If your distribution of choice is Red Hat-based, you might have to undertake a bit of extra work. In order for Apache to link to the new port, you must first install the policycoreutils application. Install the software with the command:

sudo yum install policycoreutils

Once the software is installed, add the new SELinux rules for port 8081 with the following commands:

sudo semanage port -a -t http_port_t -p tcp 8081
sudo semanage port -m -t http_port_t -p tcp 8081

After running the above commands, restart apache with the command:

sudo systemctl restart httpd

You should now be able to see your virtual host, via port 8081, as served up by your Red Hat-based Apache server.

And that's all there is to serving up websites on a non-standard port. Of course, you don't have to use port 8081. In fact, you can use just about any port you need--so long as it doesn't conflict with a port used by another service.

Also see

apachehero.jpg

Image: Apache