Apache 1.3 Stop port 80 listening

[ikonia]

hi all,

I'm looking at an unsual conifguration for apache.

I currently have it listening on port 80 for http and 443 using mod_ssl

I want to stop http traffic listening, so I want to stop port 80 from listening full stop.

This way apache only listening on 443 and responds with mod_ssl
(I know there are other ways of doing this but this is the way I have to go at the moment)

If I set the Listen directive to 443 - then apache will refuse to start as that port will already be in use (by mod_ssl)

If I comment out the Listen directive then apache won't start as it needs a socket to bind too.

How (if possible) can I set apache to not listen on any ports other than mod_ssl on 443.

Thanks

[yngvai]

Don't know what OS you're using, but in the first instance do you have two seperate httpd.conf files? :-

/etc/apache/httpd.conf and
/etc/apache-ssl/httpd.conf

you could try :-

~#>apachectl stop ; apache-sslctl start ; nmap localhost ( see what ports are open )

[ikonia]

yngvai - a good try, but I think thats a specific linux distribution thing, as apache-sslctl doesn't exist as part of apache.

I actually think this is impossible, in that to use mod_ssl apache needs to be running to load the module, and for apache to run it needs to listen on a port so I don't think my origional question would be possible at all.

[Stoo]

Can't you just filter port 80 at a firewall etc ?

[yngvai]

I actually think this is impossible, in that to use mod_ssl apache needs to be running to load the module, and for apache to run it needs to listen on a port so I don't think my origional question would be possible at all.

Hi Ikonia

If your purpose is to solely run apache with openssl on port 443, but not on port 80, it should be possible. It's just that my distro does it all for me and I have to mess up my
setup here to investigate the problem. If you're trying to do something else, sorry I misunderstood..

[edit]

A couple of links I found, in case you didn't already find them yourself:-

http://lucas.ucs.ed.ac.uk/tutorials/apache/1x.ssl.html
http://www.apache-ssl.org/#FAQ

[ikonia]

Stoo - yes we could, but as I said my first post there are better and more correct ways of doing this but for the purpose of this debate - this is the way I have to go.

yngvai - reading through your linkx now.

I'd be very interested in seeing your /etc/apache-ssl/httpd.conf and your apache-sslctl script.

[yngvai]

yngvai - reading through your linkx now.

I'd be very interested in seeing your /etc/apache-ssl/httpd.conf and your apache-sslctl script.

Kewl ... hope it helps, I've pm'd you regarding the conf files. Let me know if it's any use.