Force Apache webserver to listen on all addresses except one IP address

Posted on November 2, 2006 · 6 comments · Last updated November 2, 2006

A few days back I wrote about how to force OpenSSH (sshd) to listen on selected multiple IP addresses only. Kritika sent me the following question:

I would like to bind port 80 on 3 of 5 IP addresses. By default Apache is using port 80 on all of them. How do I force the Apache webserver to listen on all addresses except one IP address?

Just like OpenSSH's ListenAddress directive, Apache has a Listen directive. When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens on all addresses on the machine. However, it can be told to listen on specific ports only, on selected addresses only, or on a combination of both. This is often combined with the Virtual Host feature, which determines how Apache responds to different IP addresses, hostnames and ports.

The Listen directive tells the server to accept incoming requests only on the specified port or address-and-port combinations. If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.

In short, open your httpd.conf file:
# vi httpd.conf

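Set up the Listen directive as follows, listing only the addresses Apache should bind to; any address that is not listed is left unbound. Remove or comment out any existing port-only line such as Listen 80, because that form binds every address: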
Listen 202.5.1.1:80
Listen 202.5.1.2:80
Listen 202.5.1.3:80

Save and close the file. Restart Apache:
# /etc/init.d/httpd restart

Verify that Apache is listening on the three IP addresses only:
# netstat -tulpn | grep :80
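
Apache has no "all except" form of Listen, so the exclusion has to happen when the Listen lines are written. The script below is an added example, not part of the original post: it turns a list of local addresses into a Listen whitelist that omits one address. The function name gen_listen, the output file name and the addresses 202.5.1.4 and 202.5.1.5 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an explicit Listen whitelist from "every local
# address except one". The exclusion is applied when the config fragment
# is generated, because Listen itself can only name addresses to bind.

# gen_listen EXCLUDED_IP PORT   (hypothetical helper)
# Reads one IPv4 address per line on stdin (an optional /prefix, as printed
# by `ip -o -4 addr show`, is stripped) and prints one Listen line for each
# address other than EXCLUDED_IP. Returns 1 if EXCLUDED_IP was never seen,
# so a mistyped address cannot silently stay bound.
gen_listen() {
    excluded=$1
    port=$2
    awk -v skip="$excluded" -v port="$port" '
        { sub(/\/[0-9]+$/, "", $1) }        # drop the CIDR suffix
        $1 == ""   { next }                 # ignore blank lines
        $1 == skip { seen = 1; next }       # the address to leave unbound
        !dup[$1]++ { print "Listen " $1 ":" port }
        END        { exit (seen ? 0 : 1) }
    '
}

# Constructed sample input: the three addresses from the article plus two
# made-up ones, to stand in for a host with five addresses.
SAMPLE_ADDRS='202.5.1.1/24
202.5.1.2/24
202.5.1.3/24
202.5.1.4/24
202.5.1.5/24'

# Demo on the sample: bind port 80 everywhere except 202.5.1.5.
printf '%s\n' "$SAMPLE_ADDRS" | gen_listen 202.5.1.5 80

# Live use (assumes the iproute2 `ip` tool; listen.conf is a hypothetical
# file pulled in from httpd.conf with an Include line):
#   ip -o -4 addr show | awk '{print $4}' | gen_listen 202.5.1.5 80 > listen.conf
```

Regenerate the file and restart Apache whenever an address is added to the machine, then repeat the netstat check to confirm the excluded address is not bound.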


{ 6 comments }

1 Coop November 25, 2010 at 12:32 pm

Well that was disappointing… The title of this article describes exactly what I want to do…. unfortunately, the article itself doesn’t give any related info, but describes the exact opposite situation, which is pretty much covered in every single guide to set up virtual hosts on apache…


2 Andy Bird March 22, 2011 at 8:59 am

Thanks for the article

As Coop says it would be great if Apache had a ‘listen to all IPs except’ however, after looking everywhere I guess this is simply not an available config.


3 Apache Warlord September 27, 2011 at 10:28 pm

wtf? the solution given is not at all what the title of the post is…


4 Daniel October 25, 2012 at 2:19 pm

By default Listen is set to only the port – that means listen on that port on all interfaces. If you change that to listen IP:port, then it will only listen to that specific IP:port.

List the IPs that you want to listen on, do not list the ones you don’t need. Simple as that.
This article does what it says.


5 DerManiac November 9, 2012 at 9:26 am

Daniel, no it doesn’t do what it says. The title implies a blacklisting sort of setup, where you listen on all ports except the ones you specify. What it does instead is a regular white listing where it listens on NONE of the ports except the ones you specify.

Why does it make a difference? Let’s say I have the following setup: My webserver has a separate IP address for each VirtualHost. But there is one IP address that – for whatever reason – should not have Apache listening on it. Now, every time I add a new VirtualHost I have to go back to the main config file and add another Listen statement, because I’m doing a whitelist. If I were able to run a blacklist instead, I wouldn’t have to do that.


6 Maniquí December 1, 2012 at 6:05 pm

I agree the title is a bit misleading. I also expected a way to blacklist an IP address on Apache, so as to get it bound to all other available IP addresses.
