Changing the default port for Apache on Debian

As a minor security measure, I changed the default port for my webserver’s apache2. Of course if a port scanner is used, it doesnt do any good.

You need to edit two files:

emacs /etc/apache2/ports.conf

The modified file looks like this. Note that 80 has been changed to 8011, the new port.

#cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:8011
Listen 8011

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443

<IfModule mod_gnutls.c>
    Listen 443

Next edit /etc/apache2/sites-enabled/000-default:

emacs /etc/apache2/sites-enabled/000-default

Change the line:

<VirtualHost *:80>[/code]
The modifed file is:
#cat /etc/apache2/sites-enabled/000-default
&lt;VirtualHost *:8011&gt;
        ServerAdmin [email protected]

        DocumentRoot /var/www
        &lt;Directory /&gt;
                Options FollowSymLinks
                AllowOverride None
        &lt;Directory /var/www/&gt;
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        &lt;Directory "/usr/lib/cgi-bin"&gt;
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

Now restart the webserver.

service apache2 restart

and access apache on the modified port:

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.