From: Jay O'Brien
Date: Wed, 19 Jan 2005 22:05:40 -0800
To: FreeBSD - questions
Subject: Re: Security for webserver behind router?

Anthony Atkielski wrote:
> Jay O'Brien writes:
>
> JOB> Thanks, but what I want to know is what risk I have with port 80,
> JOB> and only port 80 open.
>
> The risk depends on Apache, since that's the daemon answering the phone
> when someone calls in on port 80.
>
> Just make sure you're using the latest version of Apache (1.3.33, if you
> want the 1.x version, or 2.0.52, if you want the 2.x version). Some
> earlier versions are vulnerable. As long as Apache is secure, port 80
> can be open.
>

I am running Apache 1.3.33, as you suggest I should. You say "as long as
Apache is secure"; what should I do to be sure that Apache is secure?
If there isn't a security risk with the FreeBSD system I've described,
maybe this question belongs on the Apache mailing list, not here?

Jay