Force apache webserver to listen on all addresses except one ip address

A few days back I wrote about how to force OpenSSH (sshd) to listen on selected multiple IP addresses only. Kritika sends me the following question:


I would like to bind port 80 on 3 of 5 IP addresses. By default Apache is using port 80 on all of them. How do I force the Apache web server to listen on all addresses except one IP address?

Just like OpenSSH’s ListenAddress directive, Apache has the Listen directive. When Apache starts, it binds to some port and address on the local machine and waits for incoming requests. By default, it listens on all addresses on the machine. However, it needs to be told to listen on specific ports, or to listen on only selected addresses, or a combination. This is often combined with the Virtual Host feature, which determines how Apache responds to different IP addresses, hostnames and ports.

The Listen directive tells the server to accept incoming requests only on the specified port or address-and-port combinations. If only a port number is specified in the Listen directive, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface. Multiple Listen directives may be used to specify a number of addresses and ports to listen on. The server will respond to requests from any of the listed addresses and ports.

In short, open your httpd.conf file:
# vi httpd.conf

Setup Listen directive as follows:
Listen 202.5.1.1:80
Listen 202.5.1.2:80
Listen 202.5.1.3:80

Save and close the file. Restart Apache:
# /etc/init.d/httpd restart

Verify that Apache is listening on the three IP addresses only:
# netstat -tulpn | grep :80
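
The Listen directive only names addresses to bind, so "all addresses except one" has to be written out as an explicit list. The following is an added example, not part of the original article: it generates that list from `ip -o -4 addr show` output and checks `netstat -tln` output for a listener on the excluded or a wildcard address. The function names and the sample addresses 127.0.0.1 and 202.5.1.4 are assumptions, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: build "all addresses except one" as explicit Listen lines.

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 202.5.1.1/24 brd 202.5.1.255 scope global eth0
2: eth0    inet 202.5.1.2/24 brd 202.5.1.255 scope global secondary eth0
2: eth0    inet 202.5.1.3/24 brd 202.5.1.255 scope global secondary eth0
2: eth0    inet 202.5.1.4/24 brd 202.5.1.255 scope global secondary eth0
EOF
}

# gen_listen PORT EXCLUDED_IP...
# Reads `ip -o -4 addr show` output on stdin and prints one Listen line for
# every local IPv4 address that is not in the excluded list (exact match).
gen_listen() {
    port=$1; shift
    awk -v port="$port" -v skip=" $* " '
        $3 == "inet" {
            split($4, a, "/")                  # drop the /prefix length
            if (index(skip, " " a[1] " ") == 0)
                print "Listen " a[1] ":" port
        }'
}

# check_listeners PORT EXCLUDED_IP
# Reads `netstat -tln` output on stdin. Fails (exit 1) if a socket is
# listening on EXCLUDED_IP:PORT or on a wildcard address for that port.
# Comparing the whole local-address field avoids grep matching :8080.
check_listeners() {
    awk -v port="$1" -v bad="$2" '
        $6 == "LISTEN" && ($4 == (bad ":" port) ||
                           $4 == ("0.0.0.0:" port) || $4 == (":::" port)) {
            print "unexpected listener: " $4; found = 1
        }
        END { exit found + 0 }'
}

# Demo on the constructed sample: exclude 202.5.1.4, listen on the rest.
sample_addrs | gen_listen 80 202.5.1.4
```

On a live host, pipe `ip -o -4 addr show` into `gen_listen` and `netstat -tln` into `check_listeners` after the restart. The generated list is a snapshot, so it has to be regenerated whenever an address is added to the machine.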

7 comments
  • Coop Nov 25, 2010 @ 12:32

    Well that was disappointing… The title of this article describes exactly what I want to do…. unfortunately, the article itself doesn’t give any related info, but describes the exact opposite situation, which is pretty much covered in every single guide to set up virtual hosts on apache…

    • Flash Thunder Feb 16, 2016 @ 12:16

      Totally agree… disappointing.

  • Andy Bird Mar 22, 2011 @ 8:59

    Thanks for the article

    As Coop says, it would be great if Apache had a ‘listen to all IPs except’; however, after looking everywhere I guess this is simply not an available config.

  • Apache Warlord Sep 27, 2011 @ 22:28

    wtf? the solution given is not at all what the title of the post is…

  • Daniel Oct 25, 2012 @ 14:19

    By default Listen is set to only the port – that means listen on that port on all interfaces. If you change that to listen IP:port, then it will only listen to that specific IP:port.

    List the IPs that you want to listen on, do not list the ones you don’t need. Simple as that.
    This article does what it says.

  • DerManiac Nov 9, 2012 @ 9:26

    Daniel, no it doesn’t do what it says. The title implies a blacklisting sort of setup, where you listen on all ports except the ones you specify. What it does instead is a regular white listing where it listens on NONE of the ports except the ones you specify.

    Why does it make a difference? Let’s say I have the following setup: My webserver has a separate IP address for each VirtualHost. But there is one IP address that – for whatever reason – should not have apache listening on. Now, every time I add a new VirtualHost I have to go back to the main config file and add another Listen statement, because I’m doing a whitelist. If I were able to run a blacklist instead, I wouldn’t have to do that.

  • Maniquí Dec 1, 2012 @ 18:05

    I agree the title is a bit misleading. I also expected a way to blacklist IP address on Apache, so to get it bound to all other available IP addresses.
