Force Apache webserver to listen on all addresses except one IP address


A few days back I wrote about how to force OpenSSH (sshd) to listen on selected IP addresses only. Kritika sent me the following question:


I would like to bind port 80 on 3 of 5 IP addresses. By default Apache is using all port 80. How do I force the Apache webserver to listen on all addresses except one IP address?

Just like OpenSSH's ListenAddress directive, Apache has the Listen directive. When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens on all addresses on the machine. However, it can be told to listen on specific ports, on only selected addresses, or on a combination of both. This is often combined with the Virtual Host feature, which determines how Apache responds to different IP addresses, hostnames and ports.

The Listen directive tells the server to accept incoming requests only on the specified port or address-and-port combinations. If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.

In short, open your httpd.conf file:
# vi httpd.conf

Set up the Listen directive as follows:

Save and close the file. Restart Apache:
# /etc/init.d/httpd restart

Verify that Apache is listening on three IP addresses only:
# netstat -tulpn | grep :80
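
An added example, not from the original article: Listen has no "all except" form, so this shell sketch builds the allow-list from the host's addresses minus the excluded one and then checks netstat output for a wildcard or excluded bind. The function names, the 192.0.2.x addresses and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. All addresses and command outputs below are constructed samples.

# Shaped like `ip -o -4 addr show` on a host with five addresses.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0
2: eth0    inet 192.0.2.12/24 brd 192.0.2.255 scope global secondary eth0
2: eth0    inet 192.0.2.13/24 brd 192.0.2.255 scope global secondary eth0'

# Shaped like `netstat -tulpn | grep :80` after and before the change.
SAMPLE_NETSTAT_OK='tcp   0   0 192.0.2.10:80   0.0.0.0:*   LISTEN   2101/httpd
tcp   0   0 192.0.2.11:80   0.0.0.0:*   LISTEN   2101/httpd'
SAMPLE_NETSTAT_WILDCARD='tcp   0   0 0.0.0.0:80   0.0.0.0:*   LISTEN   2101/httpd'

# gen_listen PORT EXCLUDED_IP...
# Reads `ip -o -4 addr show` output on stdin and prints one "Listen ip:port"
# line for every local address that is not in the excluded list.
gen_listen() {
    port=$1; shift
    awk -v port="$port" -v skip=" $* " '
        $3 == "inet" {
            split($4, a, "/")                      # drop the /prefix length
            if (index(skip, " " a[1] " ") == 0)    # exact match, space-delimited
                print "Listen " a[1] ":" port
        }'
}

# check_listeners PORT EXCLUDED_IP...
# Reads `netstat -tulpn` output on stdin. Returns 1 if PORT is bound on a
# wildcard address (0.0.0.0 or ::) or on an excluded address, 0 otherwise.
check_listeners() {
    port=$1; shift
    awk -v port="$port" -v skip=" $* " '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") {
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || index(skip, " " addr " "))
                bad = 1
        }
        END { exit bad + 0 }'
}

# Demo on the constructed sample: keep every address except 192.0.2.13.
printf '%s\n' "$SAMPLE_ADDRS" | gen_listen 80 192.0.2.13
```

On a live host, feed gen_listen from `ip -o -4 addr show` and check_listeners from `netstat -tulpn`, and regenerate the Listen lines whenever an address is added to the machine.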

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.


7 comments

  1. Well that was disappointing… The title of this article describes exactly what I want to do…. unfortunately, the article itself doesn’t give any related info, but describes the exact opposite situation, which is pretty much covered in every single guide to set up virtual hosts on apache…

  2. Thanks for the article

    As Coop says, it would be great if Apache had a ‘listen to all IPs except’; however, after looking everywhere I guess this is simply not an available config.

  3. By default Listen is set to only the port – that means listen on that port on all interfaces. If you change that to listen IP:port, then it will only listen to that specific IP:port.

    List the IPs that you want to listen on; do not list the ones you don’t need. Simple as that.
    This article does what it says.

  4. Daniel, no it doesn’t do what it says. The title implies a blacklisting sort of setup, where you listen on all ports except the ones you specify. What it does instead is a regular white listing where it listens on NONE of the ports except the ones you specify.

    Why does it make a difference? Let’s say I have the following setup: My webserver has a separate IP address for each VirtualHost. But there is one IP address that – for whatever reason – should not have Apache listening on. Now, every time I add a new VirtualHost I have to go back to the main config file and add another Listen statement, because I’m doing a whitelist. If I were able to run a blacklist instead, I wouldn’t have to do that.

  5. I agree the title is a bit misleading. I also expected a way to blacklist an IP address on Apache, so to get it bound to all other available IP addresses.
