You could always block the program at the software level (and I would), but ideally you'd want to avoid forwarding any ports or allowing external (WAN) communication.
It's not unusual to run a web server on-demand, such as to preview a web page you're coding (e.g., when utilizing a JS-based framework). This would be preferable to running it 24/7 if possible.
The weak point will probably be your router. Most consumer routers allow you to manually forward ports (which you wouldn't want to do here), but they'll also often automatically allow the program out via either UPnP and/or NAT-PMP (if requested).
If you know the program doesn't trigger that, or you've disabled it, you should be fine. It's really a matter of segmenting it from the Internet. If you're confident that you can do that, then you should be golden.
---
Scott Lopez
Email: [email protected]
Web: https://bio.neteng.pro

----------------------------------------

Jul 14, 2025 1:43:29 AM David Schwartz <[email protected]>:

I found that article and forwarded it to Keith. It was specifically about setting up and running a local web service for your own personal needs. The guy was not a developer. In fact, a couple of things he said he uses this for suggest just the opposite. He very briefly mentions external access, but that was clearly not the focus of the article.

But I think Keith's question has to do with security implications of running a local web service on your main machine for LOCAL use at localhost.

I’ve got a LAN at home and I’ve given some thought to what it would take to run a server on one machine ONLY for internal access. I almost set it up at one point, but changed my mind, but I haven’t ruled it out.

That article includes a single command you can run on a Mac to turn on your web server.

Windows includes IIS, and he shows how to activate it. Newer versions only install it if you request, and it’s easy to start it up as a service.

But MAMP, WAMP, and similar solutions have been available for about 20 years now and I haven’t heard much about any security issues simply from running them on localhost / 127.0.0.1.

Is there anything to worry about?

-David Schwartz

On Jul 14, 2025, at 12:10 AM, Eric Oyen via PLUG-discuss <[email protected]> wrote:

Honestly,

I would rather the web server be on its own dedicated vm with minimal other services running and its own internal IP address on a virtual bridge answerable to the external ethernet interface. This is actually similar to what I ran post 2000 using VMWARE.

External ethernet card 1: unposted by host OS, linked to OpenBSD vm as internet interface.

2nd ethernet interface was attached to internal virtual bridge that was also connected as a second interface to the openBSD vm. Host OS was linked to virtual bridge along with all other vm’s. This way, all instances and the host OS were protected behind the OpenBSD instance which acted as the firewall.

One of those instances was a web server that hosted a simple website (one of the many things I tried to learn how to do).

At the time, that configuration for VMWare was not even supported, let alone documented. So, I had a pretty unique setup (and I did document it eventually and submitted it to the dev team at VMWare). Oh man, were they surprised.

-Eric
From the Central Offices of the Technomage Guild, Virtual Environments Coordinator Dept.

On Jul 13, 2025, at 3:00 PM, Keith Smith via PLUG-discuss <[email protected]> wrote:

Hi,

A friend sent me an article about a guy that always configures a web server on his desktop. I did some work with a guy who configured his daily driver Mac as a web server and used it for development.

I'm running Kubuntu on my desktop and Ubuntu on my virtualization.

I could configure my desktop as a web server.... however I am not so sure I want to.

My main concern is security. What are your thoughts?

Thanks!!

Keith

---------------------------------------------------
PLUG-discuss mailing list: [email protected]
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
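Added example, not part of any message in this thread: a small check for the question discussed above, namely whether a locally run web server is reachable only at localhost or is also listening on a LAN-facing address. It parses `ss -H -ltn` output; the sample lines and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      511        127.0.0.1:3000      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511                *:8080            *:*
LISTEN 0      4096           [::1]:631          [::]:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128     192.168.1.20:8000      0.0.0.0:*
"""


def split_local(field):
    """Split ss's 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop an interface scope such as %lo, then IPv6 brackets.
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)


def classify(addr):
    """Say how far a bind address reaches: loopback, one LAN address, or all."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:          # 127.0.0.0/8 and ::1
        return "loopback"
    if ip.is_unspecified:       # 0.0.0.0 and ::
        return "all-interfaces"
    return "lan-address"


def exposed_listeners(ss_output):
    """Return sorted (port, address, scope) for listeners not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        scope = classify(addr)
        if scope != "loopback":
            findings.append((port, addr, scope))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, scope in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port} bound to {addr} ({scope}): reachable from other hosts")
```

A listener reported here is only reachable from the LAN unless the router forwards the port, whether manually or through UPnP/NAT-PMP, so this check covers the host side and the router settings still need a separate look.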
