BIND DNS Server on a Local Network:  Part 3

Getting the web server ready for BIND

disclaimer
posted: 2020-07-17 | updated: 2020-08-15

page 1 of 4

Model sailing ship seen through wood-framed window

In Part 2: Setting up the local network, we focused on tweaking the local network. We gave the web server a static IP, added DHCP IP reservations for the remaining devices, and configured ZoneAlarm. By the end of Part 2, we could ping the networked devices from the web server, ping the web server from non-mobile devices, and were reasonably assured that the network was working properly.

In Part 3 we’ll focus on Apache. First we’ll test Apache by displaying a simple html index page on all devices, including mobile devices, using the web server’s static IP address. Next we’ll throw some test websites and virtual hosts into the mix. With the exception of mobile devices, we should be able to summon our test websites with local domain names. By the end of Part 3, both the local network and the web server should be humming along nicely in anticipation of, wait for it!…installing and configuring BIND. Ooh, it gives me the shivers just thinking about it.

Steps to be completed in Part 3:

  1. Configure Apache’s Listen directive, restrict access to the document root, and test for syntax errors
  2. Create test websites
  3. Add virtual hosts for test websites to the development server
  4. Add local domain names to hosts files of non-mobile devices (a temporary step)
  5. Configure ZoneAlarm’s Application Control Settings for Apache
  6. Test websites on the local network

Step 1:Configure Apache’s Listen directive, restrict access to the document root, and test for syntax errors

In this step we’ll configure httpd.conf, Apache’s main configuration file, to allow Apache to listen for requests on the development server’s fixed IP address, and, optionally, limit access to the development server by IP. Please note that this is not a complete example of how to configure httpd.conf.

  1. Copy Apache’s configuration file

    Make a copy of your existing Apache configuration file:

    C:\webserver\apache\conf\httpd.conf

    Save it as something like:

    httpd.conf.original

  2. Edit the Listen directive

    Open httpd.conf in a text editor. Find the Listen directive, the default looks something like this:

    Listen 80

    Edit it so it looks this:

    Listen 127.0.0.1:80

    Add this second Listen directive just below it:

    Listen 192.168.0.200:80

  3. Edit the ServerName directive

    Find the ServerName directive, the default looks something like this:

    ServerName www.example.com:80

    Edit it so it looks like this:

    ServerName localhost:80

  4. Restrict access to the web server document root

    By default, Apache is configured to allow saints, sinners, and small marsupials access to files in the document root. Web server access can be restricted by IP address. Let’s say I want to limit access to my smartphone, netbook, and laptop. Since I’ve already assigned these devices their own IP addresses via DHCP reservation in Part 2: Configure DHCP reservations for network devices, I can use Apache’s Require directive to limit access to these IPs only.

    1. Find the DocumentRoot directive, mine looks like this:

      DocumentRoot "C:/webserver/apache/htdocs"

      Just below this is the directory block where access to the document root is controlled. Excluding comments, which are legion, the default directory block looks something like this:

      <Directory "C:/webserver/apache/htdocs">
          Options Indexes FollowSymLinks
          AllowOverride None
          Require all granted
      </Directory>

      Find the Require directive in the Directory block:

      Require all granted

      Edit it so it looks like this:

      Require all denied

    2. Just below the Directory block, add the following:

      # Allow document root access to these IPs:
      Require ip 127.0.0.1
      Require ip 192.168.0.200
      Require ip 192.168.0.199
      Require ip 192.168.0.198
      Require ip 192.168.0.197

      I’ve “required” all the IPs on my local network that I want to give access to the web server.

      Here’s the DocumentRoot directive followed by the edited directory block, sans comments:

      DocumentRoot "C:/webserver/apache/htdocs"
      <Directory "C:/webserver/apache/htdocs">
          Options Indexes FollowSymLinks
          AllowOverride None
          Require all denied
      
          # Allow document root access to these IPs
          Require ip 127.0.0.1
          Require ip 192.168.0.200
          Require ip 192.168.0.199
          Require ip 192.168.0.198
          Require ip 192.168.0.197
      </Directory>

      Save the file and close. Restart Apache for the changes to take effect.

    3. Check httpd.conf for syntax errors

      A configuration syntax error can stop Apache from starting, or otherwise make you miserable. Running httpd with the -t option checks for syntax errors in all Apache configuration files, and it’s actually helpful. Apache does not need to be running to use this command.

      At the command prompt, type:

      C:\>httpd -t

      Press Enter.

      If all is okay, Apache responds with Syntax OK otherwise errors are reported.

      Command line window: Testing configuration files for syntax errors with "httpd –t". Syntax is okay

      Here’s and what a syntax error looks like:

      Command line window: Testing configuration files for syntax errors with "httpd -t". An Error is found.

      Hmm, “Invalid command 'Controls'”. I’ll have to fix that.

      Resource:

page 1 of 4

«  »

⛵ top ⛵

No comments yet…

Expound upon: BIND DNS Server on a Local Network:  Part 3

Your email address will not be published. Required fields are marked *

*