XP Pro as Web Server w/Firewall?

[Guest]

I'm a developer, but never done any web development. I want to start playing
around and set my XP Pro machine up as a web server. I'll set up IIS and the
virtual root stuff, but my questions are:
1) How do I open up a port (or whatever, terminology is not my strong suit)
throught the XP firewall?
2) Any other precautions to take when doing this?
3) If I don't have a domain name, just use my IP (i.e. http://iphere/website)?
4) I also have to go through a LinkSys wireless router. What do I open up
here?
5) Other pertinent info?

Thanks!

 

[Lanwench [MVP - Exchange]]

I'm a developer, but never done any web development. I want to start
playing around and set my XP Pro machine up as a web server. I'll
set up IIS and the virtual root stuff, but my questions are:
1) How do I open up a port (or whatever, terminology is not my strong
suit) throught the XP firewall?

What SP?

2) Any other precautions to take when doing this?

Well, I wouldn't want to run a publicly accessible website on my own
workstation. Big security risk. Also, you are limited to 10 concurrent
connections. Why not just find a cheap web hosting company, register a
domain (this isn't expensive) and set it up there? Or just use this to play
with on your LAN and don't open up access to it from the Internet?

3) If I don't have a domain name, just use my IP (i.e.
http://iphere/website)?

Yes....presuming that's the public IP and isn't dynamic. If it's dynamic,
try www.dyndns.org

4) I also have to go through a LinkSys

wireless router. What do I open up here?

TCP port 80 for http - port 443 for SSL/https

 

[Guest]

"What SP?"
I'm on XP Pro, SP2

" Well, I wouldn't want to run a publicly accessible website on my own
workstation..."
Just for play. I was planning on giving the address to family and friends
and setting up my own photo album. I'll look into hosting if I get something
I'd like to keep.

"Yes....presuming that's the public IP and isn't dynamic"
I've got a static IP currently.

 

[Leythos]

I'm a developer, but never done any web development. I want to start playing
around and set my XP Pro machine up as a web server. I'll set up IIS and the
virtual root stuff, but my questions are:

Running a IIS service on XP Pro and allowing public access is asking for
trouble - not because IIS on XP isn't secure, but, since you're asking
this question (and it's a good question) you show that you don't know
enough about security to do so.

In locking down a IIS server for public access there are a LOT of
changes that make your workstation less usable and not desirable for
local use. There are many services and security changes that will make
your machine less than friendly for your normal use - at least if you
lock it down properly.

1) How do I open up a port (or whatever, terminology is not my strong suit)
throught the XP firewall?

In XP SP2, and you should be running SP2, just open the firewall and
follow the directions to open port XX where XX is the port you are
running your web server on. Keep in mind, if you want to run it on
Workstation you should at least not run it on the standard web ports
that bots scan for - I would suggest that you run it on port 40000 or
something strange like that. While it won't keep people out, it does
eliminate some of the background chaff that you would see on 80.

2) Any other precautions to take when doing this?

Yes, lock down the computer so that it's almost not usable.

Setup authentication so that only a authenticated user can access the
site - make sure that all accounts have STRONG PASSWORDS. This means
that once people find your site they will be prompted to enter a
workstation user name and password before they can even see the site -
one more level to stop that crackers.

3) If I don't have a domain name, just use my IP (i.e. http://iphere/website)?

From inside the network it would be:

http://localhost:portXX for the root site
http://localhost/virtualsite:portXX for virtual directories off root

for external access it would be:

http://ipaddress:portXX
http://ipaddress/virtualsite:portXX

If you use port 80, then you can leave "ortXX" out completely.

4) I also have to go through a LinkSys wireless router. What do I open up
here?

You have to FORWARD TCP 80 to the internal IP of the workstation.

5) Other pertinent info?

Yes, don't do this until you completely understand security, this is the
fastest way to compromise your machine.

 

[Guest]

So... sounds like I should just not bother. On the other hand, this is just
my home play box, nothing important on it... gets rebuild ever other month.
I need to study my security topics.

Man... I love computers and technology. Everything is so simple and
convenient.

Thanks for the info.

-D

 

[Lanwench [MVP - Exchange]]

So... sounds like I should just not bother. On the other hand, this
is just my home play box, nothing important on it... gets rebuild
ever other month. I need to study my security topics.

Man... I love computers and technology. Everything is so simple and
convenient.

Well, it's a lot simpler than it used to be, not to mention less expensive.

 

[Lanwench [MVP - Exchange]]

"What SP?"
I'm on XP Pro, SP2

" Well, I wouldn't want to run a publicly accessible website on my own
workstation..."
Just for play. I was planning on giving the address to family and
friends and setting up my own photo album. I'll look into hosting if
I get something I'd like to keep.

"Yes....presuming that's the public IP and isn't dynamic"
I've got a static IP currently.

OK - you can do this if you wish, as long as the requisite ports are open. I
still advise against it. What about using a Yahoo Briefcase or Shutterfly or
something?

 

[Guest]

How about if I install Virtual PC and create a small image for my web server?
I could forward port 80 to the internal IP of that virtual machine, lock it
down and leave my machine as is. Bad idea??

If I go this route, I'll probably use Server 2003 instead of XP.

Thoughts?

 

[Leythos]

How about if I install Virtual PC and create a small image for my web server?
I could forward port 80 to the internal IP of that virtual machine, lock it
down and leave my machine as is. Bad idea??

If I go this route, I'll probably use Server 2003 instead of XP.

Thoughts?

How about you get a 2003 box, secure it, and then test/play on it, but
you don't expose port 80 to the web until you learn about security.

Windows 2003 Web Server version is cheap and can do all that you need,
but you still need to understand security. Don't mess with any of that
VM crap, just setup the machine correctly and go at it.