Protecting Our Testing Web Server on Kali Linux

For being cybersecurity researcher we need to practice with buggy web servers, NO not actual servers, we are talking about some intentionally buggy web servers for practicing security testing. We host various vulnerable web applications like Damn Vulnerable Web Application (DVWA), BWAPP (Buggy Web App), OWASP Mutillidae etc on our system. Do we know about the potential risks on this?

there is no place like 127.0.0.1 linux
These type of buggy web applications have various vulnerabilities, some of them allow shell uploading (backdoors) and SQL injection. Such scripts can lead to complete compromise of our the web server as well as the entire computer. We can say that we had hosted it on localhost, that also can harm our system by the attackers. Attacker just need to access our local network (read WiFi) to break into it and damage us. Even they can do it remotely if we had forwarded our system ports.

How to Protect Testing Web Servers on Kali Linux

Malicious Port Closing

First of all we need to check our port forwarding options in our router settings. We should check that we don't have any port forwarded. Port forwarding allows us to enter in our network remotely, but there is a flaw that if we can enter then anyone else also can. That is why we should not disclose our public IP address.

What if we need to access our network from outside (in our case, we always use our home PC files from our office). In that case the best option to protect our web server shown in following chapter.

IP Filtering

We can filter which IP address is allowed to open our web server. If we apply it then other IP address can't access our web server. to do this we need to configure our .htaccess file. By default .htaccess file is disabled. We need to enable it from Apache2 configuration. Lets open Apache2 configuration file by using following command:

sudo nano /etc/apache2/apache2.conf

In the following screenshot we can see that where we need to change:

apache2 configuration file

In the <Directory /var/www/> section we need to change the AllowOverride value from None to All. We did the change in the following screenshot:

apache2 config file changed
Then we save and close the file by pressing CTRL+X, then Y, then Enter⤶ key.

Now we need to restart our web server for the changes to take effect:

sudo service apache2 restart

The default directory for Linux web server is /var/www/html. Now here we can edit our .htaccess file by applying following command:

sudo nano /var/www/html/.htaccess

Here our .htaccess file will open we need to just type Require local here, as shown in the following screenshot:

editing .htaccess file

Then we save and close it. Now if we did it then what happens? The name "local" only give access to the same computer. Please note only connections from the same computer (localhost) are allowed and any other remote connections are prohibited, even from the local network. This will be safest option for us.

If we do this and then we try to open this webpage from other devices on our local network it shows like following screenshot:

access denied for other localhost devices
Access denied for other localhost devices

In this way we can safe our localhost websites form other attackers. It is so simple and easy, yet powerful.

If we want we can allow a single IP or network ranges can access this webpage, instead of accessing from same computer only. We need to do following changes on .htaccess file to do so.

Require ip 10.1.2.3
# OR
Require ip 10.1
# OR
Require ip 10.1.0.0/16
# OR
Require ip 10.1.0.0/255.255.0.0
# OR
Require ip ::1

It is allowed multiple use of Require ip directive.

Some Vulnerable Web Server for Practice

This is how we can keep safe our localhost website from bad attackers on our Kali Linux system and enjoy our penetration testing practicing all the day.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

author-img
Kali Linux

Comments

No comments
Post a Comment
    google-playkhamsatmostaqltradent