COMODO set correctly for webserver?

Hi all,
I’m new to Comodo as of today, so I just want to check I’ve set it up correctly. I have a PC on which I run the Apache webserver. When I installed Comodo, on restart I immediately got a warning that Apache was trying to listen on port 80, so I chose “allow always”. I assume this has set up the application rules for Apache? I still had no access to the webserver from outside, so I added rules to Network Monitor:

source any destination 192.168.1.200 port 80
source 192.168.1.200 destination any port any

My webserver PC running Comodo is 192.168.1.200.

I assume this allows anyone to connect to my webserver on port 80, but only to the Apache application, and allows Apache to reply to any destination on any port. Have I got this correct, or have I left myself wide open?

Thanks

Mike

No, you’re not wide open. The ports only open when your program is using them.
I assume that you’re behind a router, since you use internal IP’s.
Have you created a trusted zone?

Hi

Thanks for the reply AOwL. Yes I am behind a router with port 80 forwarded to 192.168.1.200. I have declared my internal network to be trusted. Just wanted to check that webserver traffic is being “contained” correctly on my webserver.

Thanks

Mike

I’m no expert in this, but I will try to help you.
There should already be two rules at the top of Network Monitor rules that allow internal traffic on your network, where you see your “zone” is used.
If you have added a zone and made a trusted network, you should use it in your rule.
I’ll make an example.
Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Zone
Source Port : Any
Destination Port : A single port : 80
Click OK, and press the “move up” button at the top of the list until the new rule gets above the block rule, or maybe to the top. Don’t press it too fast, because it won’t keep up…

When you make a rule IN, YOU are the DESTINATION.
When you make a rule OUT, YOU are the SOURCE.

There have been issues with rules, so you might have to restart CPF or even the computer.

Network monitor works like a router… kind of…

I’m not sure why you have to forward a port in your router to port 80 though… but I have never had a server at home… port 80 should allow traffic anyway?
If you have a server that only uses port 80 and nothing else, you could block all ports except 80 in Network Monitor?
Sorry if I misunderstand you.

Hi

Thanks again for the reply. I think I was not clear with my concerns. When a web browser connects to a server, the browser uses a random port but ALWAYS connects to port 80 on the server. Hence forwarding port 80 through my router to my webserver (192.168.1.200). This is standard for hosting a server behind a router. My concern, being new to CPF, is that once packets reach my server they go ONLY to Apache and nowhere else. The webserver must then reply to the client on a random port; do the rules above achieve this? Have I understood the way CPF rules work correctly? Apologies if the typing/spelling is a bit rough - been out for a ■■■■ (or two) since my last post!

Thanks
Mike

Apologies if the typing/spelling is a bit rough - been out for a ■■■■ (or two) since my last post!

LOL! ;D Nice! :■■■■

I’m not sure that I can help you, but maybe someone else can?
First thing is to turn off Network Monitor, to see if that’s where the problem is.
Does it work without Network Monitor? Turn it on, go to logs and try to see why it gets stopped.
If you read the logs, you should be able to make rules that allow it to work, at least as a first step.
If you don’t know how to set up rules for it, you can post the log here so that I or someone else can help you. Just right click on the rules and you can export them as HTML. Attach it to your post.

Hello all, I’m a Comodo newbie and would need some help configuring the CPF firewall. My system is WinXP/SP2 with an Apache HTTP Server 2.2.3 and PHP 5.2.0 for development purposes. After reading manuals and FAQs for 2 hours I’m still not able to create a network rule which lets Apache’s traffic pass through. Maybe anyone could help?

Ports are properly forwarded through my router to the virtual server [my local machine]. Apache is reachable within LAN on 127.0.0.1 and on WAN on its static IP if CPF’s security level is switched to ‘allow all’, but this does not appear to be the solution. (:NRD)

When setting the security level to ‘custom’ and trying to connect to 127.0.0.1 I receive a browser error ‘connection refused’. I get a browser ‘timeout’ when attempting to connect to the webserver on its static WAN IP.

My application settings are:
httpd.exe and ApacheMonitor.exe both on Destination 192.168.0.2 [my machine’s LAN IP] with Port ‘Any’ and Protocol ‘TCP In/Out’ Permission Allow.

My network settings are default config:
Rule ID 5: Block & Log Protocol IP In/Out Source Any Dest. Any where IPROTO IS ANY
Other Rule ID’s above are also set to allow by default settings.

Knowing that the problem may be solved much more easily when knowing about CPF’s logfiles, I will publish the relevant parts as text only [upload folder is full, sorry :wink: ]:

Comodo Firewall Logs:

Date/Time: 2006-12-17 14:07:37 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = nbname(137)) Protocol: UDP Incoming Source: 192.168.0.1:2360 Destination: 192.168.0.2:nbname(137) Reason: Network Control Rule ID = 5
Date/Time: 2006-12-17 14:05:50 Severity: Medium Reporter: Application Monitor Description: Application Access Denied (httpd.exe:127.0.0.1:http(80)) Application: C:\Programme\Apache2.2\bin\httpd.exe Parent: C:\WINDOWS\system32\services.exe Protocol: TCP In Destination: 127.0.0.1:http(80)
Date/Time: 2006-12-17 14:00:43 Severity: Medium Reporter: Application Monitor Description: Application Access Denied (httpd.exe:127.0.0.1:http(80)) Application: C:\Programme\Apache2.2\bin\httpd.exe Parent: C:\WINDOWS\system32\services.exe Protocol: TCP In Destination: 127.0.0.1:http(80)
Date/Time: 2006-12-17 13:43:17 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = http(80)) Protocol: TCP Incoming Source: 88.217.225.12:1317 Destination: 192.168.0.2:http(80) TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time: 2006-12-17 12:51:01 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = nbname(137)) Protocol: UDP Incoming Source: 192.168.0.1:2329 Destination: 192.168.0.2:nbname(137) Reason: Network Control Rule ID = 5
Date/Time: 2006-12-17 12:49:57 Severity: Medium Reporter: Application Monitor Description: Application Access Denied (httpd.exe:127.0.0.1:http(80)) Application: C:\Programme\Apache2.2\bin\httpd.exe Parent: C:\WINDOWS\system32\services.exe Protocol: TCP In Destination: 127.0.0.1:http(80)
Date/Time: 2006-12-17 12:49:36 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = http(80)) Protocol: TCP Incoming Source: 88.217.225.12:1186 Destination: 192.168.0.2:http(80) TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time: 2006-12-17 12:49:26 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = http(80)) Protocol: TCP Incoming Source: 88.217.225.12:1186 Destination: 192.168.0.2:http(80) TCP Flags: SYN Reason: Network Control Rule ID = 5

I saw every connection attempt to my local machine 192.168.0.2 blocked by network rule ID 5, and also sometimes incoming traffic to Apache’s httpd.exe on local IP 127.0.0.1 with HTTP protocol on port 80 blocked by the Application Monitor.

Thank you very much for any help. When reading this forum for the last two hours I saw many user problems solved by the Comodo community, so hopefully my small problem will be solved too…

Greetings from Munich, dah

Welcome to the forum.
First you should go to security/advanced/misc and check the “skip loopback…TCP”.
Second, I think you need to make a network monitor rule for port 80.
Go to Network monitor (security/network monitor).
Right click on your block rule and add/add before.
Do these settings.

Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : 192.168.0.2
Source Port : Any
Destination Port : A single port : 80

You should also make an application rule like this.
Application : C:\Programme\Apache2.2\bin\httpd.exe
Parent : C:\WINDOWS\system32\services.exe
General/
Action : Allow
Protocol : TCP
Direction : IN
Destination IP : 127.0.0.1
Destination Port : 80
Misc : Leave these unchecked. If you have problems getting it to work, try checking skip advanced and/or allow invisible.

If it doesn’t seem to work, restart CF or reboot your PC.
Good luck and let me know if it works.
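To show why the Allow rule has to sit above the default block rule, and how the two rule directions from the earlier reply (IN means you are the destination) play out, here is an added simulation of a first-match rule list replayed over two of the Network Monitor log lines posted above. It is example code written for this thread, not Comodo’s software; the rule ID 4 given to the Allow rule is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    rule_id: int
    action: str              # "Allow" or "Block"
    protocol: str            # "TCP", "UDP" or "IP" (IP matches any protocol)
    direction: str           # "In", "Out" or "In/Out"
    dst_ip: str              # "Any" or one address (for IN rules, that is your own IP)
    dst_port: Optional[int]  # None matches any port

    def matches(self, proto, direction, dst_ip, dst_port):
        return (self.protocol in ("IP", proto)
                and self.direction in ("In/Out", direction)
                and self.dst_ip in ("Any", dst_ip)
                and self.dst_port in (None, dst_port))

def evaluate(rules, proto, direction, dst_ip, dst_port):
    """First matching rule wins; if nothing matches, treat it as an implicit block."""
    for r in rules:
        if r.matches(proto, direction, dst_ip, dst_port):
            return r.action, r.rule_id
    return "Block", None

# CPF's default catch-all (Rule ID 5 in dah's post) and the Allow rule AOwL describes.
BLOCK_ALL = Rule(5, "Block", "IP", "In/Out", "Any", None)
ALLOW_HTTP = Rule(4, "Allow", "TCP", "In", "192.168.0.2", 80)  # rule id 4 is assumed

# Only Network Monitor lines carry "Incoming Source"; Application Monitor lines are skipped.
LOG_RE = re.compile(r"Protocol: (TCP|UDP) Incoming Source: [\d.]+:\d+ "
                    r"Destination: ([\d.]+):\w+\((\d+)\)")

def replay(rules, log_lines):
    """Return (protocol, dst_port, verdict) for every inbound log line under this rule list."""
    out = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            proto, dst_ip, port = m.group(1), m.group(2), int(m.group(3))
            out.append((proto, port, evaluate(rules, proto, "In", dst_ip, port)[0]))
    return out

# Two log lines from the thread: a NetBIOS probe from the router, and the SYN to port 80.
SAMPLE_LOGS = [
    "Date/Time: 2006-12-17 14:07:37 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = nbname(137)) Protocol: UDP Incoming Source: 192.168.0.1:2360 Destination: 192.168.0.2:nbname(137) Reason: Network Control Rule ID = 5",
    "Date/Time: 2006-12-17 13:43:17 Severity: Medium Reporter: Network Monitor Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.2, Port = http(80)) Protocol: TCP Incoming Source: 88.217.225.12:1317 Destination: 192.168.0.2:http(80) TCP Flags: SYN Reason: Network Control Rule ID = 5",
]

if __name__ == "__main__":
    print("default rules:  ", replay([BLOCK_ALL], SAMPLE_LOGS))
    print("allow above block:", replay([ALLOW_HTTP, BLOCK_ALL], SAMPLE_LOGS))
    print("allow below block:", replay([BLOCK_ALL, ALLOW_HTTP], SAMPLE_LOGS))
```

With the Allow rule above the block, only the port 80 SYN is accepted; the NetBIOS probe on UDP 137 stays blocked, which is what you want on a box that only serves HTTP.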

Thanks, AOwL, for your quick and helpful reaction to my post. I followed your instructions exactly in all three steps and it worked out! :BNC Now the server is running with a firewall, which makes me feel much more secure [this is my first WinXP server; all the others are running on FreeBSD].

After having solved the problem I just changed the network monitor rule you posted in 2) to be more restrictive. It just accepts TCP packets now, no more UDP packets. Everything is still running as wanted and Apache just needs TCP [this is for others; I just do not know enough about security exploits in Apache 2.2 on WinXP, but it MAY be helpful for security].

That was competent and helpful, AoWL. The Comodo community seems to work…

You’re welcome.
I’m glad it worked out for you. ;D
Good luck.

G’day,

If you’re going to use secure HTTP, you’ll need to modify AOwL’s rules to include port 443 (SSL).

cheers,
Ewen :slight_smile: