≡ Menu

Force apache webserver to listen on all addresses except one ip address

Few days back I wrote about how to force OpenSSH (sshd) to listen on selected multiple IP address only. Kritika sends me following question:

I would like to bind port 80 on 3 of 5 IP address. By default Apache using all port 80. How do I force apache webserver to listen on all addresses except one ip address?

Just like OpenSSH’s ListenAddress directive, apache has Listen directive. When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens to all addresses on the machine. However, it needs to be told to listen on specific ports, or to listen on only selected addresses, or a combination. This is often combined with the Virtual Host feature which determines how Apache responds to different IP addresses, hostnames and ports.

The Listen directive tells the server to accept incoming requests only on the specified port or address-and-port combinations. If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.

In short open your httpd.conf file :
# vi httpd.conf

Setup Listen directive as follows:

Save and close the file. Restart the apache:
# /etc/init.d/httpd restart

Verify that apache listing to three IP address only:
# netstat -tulpn | grep :80

Share this on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:

{ 7 comments… add one }
  • Coop November 25, 2010, 12:32 pm

    Well that was disappointing… The title of this article describes exactly what I want to do…. unfortunately, the article itself doesn’t give any related info, but describes the exact opposite situation, which is pretty much covered in every single guide to set up virtual hosts on apache…

    • Flash Thunder February 16, 2016, 12:16 pm

      Totally agree… disappointing.

  • Andy Bird March 22, 2011, 8:59 am

    Thanks for the article

    As Coop says it would be great if Apache had a ‘listen to all IPs except’ however, after looking everywhere I guess this is simply not and available config.

  • Apache Warlord September 27, 2011, 10:28 pm

    wtf? the solution given is not at all what the title of the post is…

  • Daniel October 25, 2012, 2:19 pm

    By default Listen is set to only the port – that means listen on that port on all interfaces. If you change that to listen IP:port, then it will only listen to that specific IP:port.

    list the ips that you want to listen on, do not list the ones you don’t need. simple as that.
    this article does what it says.

  • DerManiac November 9, 2012, 9:26 am

    Daniel, no it doesn’t do what it says. The title implies a blacklisting sort of setup, where you listen on all ports except the ones you specify. What it does instead is a regular white listing where it listens on NONE of the ports except the ones you specify.

    Why does it make a difference? Let’s say I have the following setup: My webserver has a separate IP address for each VirtualHost. But there is one IP address that – for whatever reason – should not have apache listening on. Now, everytime I add a new VirtualHost I have to go back to the main config file and add another Listen statement, because I’m doing a whitelist. If I were able to run a blacklist instead, I wouldn’t have to do that.

  • Maniquí December 1, 2012, 6:05 pm

    I agree the title is a bit misleading. I also expected a way to blacklist IP address on Apache, so to get it bound to all other available IP addresses.

Leave a Comment