Trying to configure an apache web server on my home network and had a question about port forwarding. I have my router set to forward everything on port 80 to the webserver, but I wanted to see if there were any ramifications of this that I may not be aware of? I can still browse the net fine from my other computers, and can access the website externally. But does this create a security risk of any kind? Is there a better (safer) way to do this?
We checked with the dns company, and they said they couldn't do port matching (i.e., could only point our url to xxx.xxx.xxx.xxx and not xxx.xxx.xxx.xxx:<port>) - does this sound normal? Are there hosting companies that do allow this type of thing?
Port forwarding to this web server on port 80 is typical when you have a resource on the internal network that you want to expose to external hosts via one port. The risk is that you are exposing this server on port 80. However, without this port forwarding rule, you will not be able to get traffic back to your server. You definitely want to make sure that the server is up to date on patches and make sure that you code securely. You could mitigate some risk by having an IPS system or App Firewall Filtering done between the external and internal traffic. Of course, depending on your needs, the extra expense with regard to layer 4-7 filtering may not be justified for your scenario.