[Fed-Talk] When off doesn't mean off (Server App's website)
- Subject: [Fed-Talk] When off doesn't mean off (Server App's website)
- From: Todd Heberlein <email@hidden>
- Date: Sun, 25 Nov 2012 14:24:27 -0800
Just a heads up if you are running "Server App" on Mountain Lion and have turned Websites on.
Once you've slid the switch from OFF to ON to turn on the web server, sliding it back to OFF doesn't really turn apache off.
All it does is block access to the web server's pages in the document root. If you turn on user web sites (the old ~/Sites folder), even with the Server App's websites switch set to OFF, you can still access the user's web pages.
If you reboot the machine, the web server processes keep coming back.
In short, once you've turned the web server on via Server App, sliding the switch back to OFF doesn't really turn it off. OFF doesn't mean off. It just means you cannot access some web pages.
Network vulnerability scanners should still pick up your web server as if it is on. If users have vulnerable web pages (e.g., bad PHP code), your system will still be vulnerable.
I found the following command killed the Apache httpd process and it stayed down between reboots:
$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
Todd
(Gory details)
------------------------------
To check the processes, I used the command
$ ps -ef | grep http
Before I turn on the web server, I see no httpd processes.
After I slide the Websites switch to ON, I see httpd processes with these options:
/usr/sbin/httpd -D FOREGROUND -f /Library/Server/Web/Config/apache2/httpd_server_app.conf -D WEBSERVICE_ON
After I slide the switch back to OFF, I see processes with these options:
/usr/sbin/httpd -D FOREGROUND -f /Library/Server/Web/Config/apache2/httpd_server_app.conf
So the Apache httpd process is still running; you just can't get to documents in the root folder.
----------
To turn on user's web sites (~/Sites)
edit the file
/Library/Server/Web/Config/apache2/httpd_server_app.conf
and uncomment the line
#Include /private/etc/apache2/extra/httpd-userdir.conf
Slide the Server App's Websites switch back to ON.
Now you can view pages in the users' ~/Sites directory. For example, I use:
http://bigmac.lab.netsq.com/~heberlei/foo.php
----------
Now turn the Server App's Websites switch back to OFF
Revisit a user's web pages. Ta da!! You can still see the user's web pages. Although turning the Server App's Websites switch to OFF blocks access to documents in the default root directory, you can still get access to users' web pages.
----------
Even if you reboot your machine (with the Server App's Websites switch left in OFF), the web server comes back up and you can access user's home web sites.
----------
To put the web server fully down and keep it down between reboots, I use the following command:
$ sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
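
The checks described in the message above can be scripted for an audit. This is an added example, not part of the original post: the function names and the sample ps/config lines are constructed for illustration, and only the httpd command line, the config path and the Include line are taken from the message.

```shell
#!/bin/sh
# Added example, not from the original post. The ps and config lines at the
# bottom are constructed samples shaped like the ones quoted in the message.

# Read `ps -ef` output on stdin; print the web server's actual state.
classify_httpd() {
    awk '
        /\/usr\/sbin\/httpd / && /httpd_server_app\.conf/ {
            running = 1
            if ($0 ~ /-D WEBSERVICE_ON/) on = 1
        }
        END {
            if (!running) print "not-running"
            else if (on)  print "switch-on"
            else          print "switch-off-but-running"
        }'
}

# Read an Apache config on stdin; succeed if the userdir Include is active
# (present and not commented out), i.e. ~/Sites pages are being served.
userdir_enabled() {
    grep -Eq '^[[:space:]]*Include[[:space:]]+[^#]*httpd-userdir\.conf'
}

# Combine both checks into one verdict. $1 = ps output, $2 = config text.
assess() {
    state=$(printf '%s\n' "$1" | classify_httpd)
    if [ "$state" = "not-running" ]; then
        echo "ok: httpd is not running"
    elif printf '%s\n' "$2" | userdir_enabled; then
        echo "exposed: httpd $state, user sites reachable"
    elif [ "$state" = "switch-on" ]; then
        echo "serving: httpd switch-on"
    else
        echo "listening: httpd $state, still visible to scanners"
    fi
}

# Constructed samples (PIDs, times and ttys are made up).
PS_ON='    0   101     1   0  2:10PM ??  0:00.21 /usr/sbin/httpd -D FOREGROUND -f /Library/Server/Web/Config/apache2/httpd_server_app.conf -D WEBSERVICE_ON'
PS_OFF='    0   101     1   0  2:10PM ??  0:00.21 /usr/sbin/httpd -D FOREGROUND -f /Library/Server/Web/Config/apache2/httpd_server_app.conf'
PS_NONE='  501   733   700   0  2:12PM ttys000  0:00.00 grep http'
CONF_USERDIR='Include /private/etc/apache2/extra/httpd-userdir.conf'
CONF_DEFAULT='#Include /private/etc/apache2/extra/httpd-userdir.conf'

# Switch is OFF but ~/Sites is enabled: the case the message warns about.
assess "$PS_OFF" "$CONF_USERDIR"
```

On the server itself, the same verdict comes from `assess "$(ps -ef)" "$(cat /Library/Server/Web/Config/apache2/httpd_server_app.conf)"`.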