Re: It helped JC :)

#48615

kawarmc
Member

Yes, I knew I can do that, but then you won’t be able to administer your zs box from outside if you don’t have a VPN connection available (which I don’t always have).

What I really do is to change zs http and https ports with a really simple postboot script.

What I do is copy the files httpd.conf and ssl.conf from /etc/httpd/conf to /Database/scripts.

On those 2 files, I change the lines.

On httpd.conf:

Listen 80     --->   Listen 

On ssl.conf:

Listen 443    --->   Listen 

I also usually change the following line on httpd.conf:

RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

with

RewriteRule ^.*$ https://%{SERVER_NAME}:1443

After that, I create a postboot cron script with the following content:

rm -f /etc/httpd/conf/httpd.conf
rm -f /etc/httpd/conf/ssl.conf

cp -a /Database/scripts/httpd.conf /etc/httpd/conf/
cp -a /Database/scripts/ssl.conf /etc/httpd/conf/

/etc/init.d/httpd restart

That way, I know for sure the ports will never be used by zs’ apache, I’m still able to connect from outside, and keep unwanted people from trying to break into the machine… (at least fewer of them will find the correct port).
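
A pre-copy check for the staged files described above, as an added example that is not part of the original post: it verifies that the copies no longer listen on 80/443 and that the HTTPS redirect points at the port ssl.conf actually listens on. The function names, port 8080 and the sample files are constructed for illustration; 1443 is taken from the RewriteRule in the post.

```sh
#!/bin/sh
# Added example: sanity-check staged httpd.conf/ssl.conf before a postboot copy.

listen_port() {
    # Port of the first active Listen directive ("Listen 8080", "Listen 0.0.0.0:8080").
    awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n]; exit }' "$1"
}

redirect_port() {
    # Port of the first RewriteRule that redirects to https://; 443 if the target
    # names no port; empty output if there is no such rule.
    awk 'tolower($1) == "rewriterule" && $3 ~ /^https:\/\// {
             if (match($3, /:[0-9]+/)) print substr($3, RSTART + 1, RLENGTH - 1)
             else print 443
             exit }' "$1"
}

check_ports() {   # check_ports DIR -> 0 if the staged pair is consistent
    dir=$1; rc=0
    http=$(listen_port "$dir/httpd.conf")
    ssl=$(listen_port "$dir/ssl.conf")
    redir=$(redirect_port "$dir/httpd.conf")
    [ -n "$http" ] && [ "$http" != 80 ] ||
        { echo "httpd.conf: Listen missing or still 80" >&2; rc=1; }
    [ -n "$ssl" ] && [ "$ssl" != 443 ] ||
        { echo "ssl.conf: Listen missing or still 443" >&2; rc=1; }
    [ -z "$redir" ] || [ "$redir" = "$ssl" ] ||
        { echo "redirect targets port $redir, ssl.conf listens on '$ssl'" >&2; rc=1; }
    return $rc
}

make_sample() {   # make_sample DIR HTTP_PORT SSL_PORT REDIRECT_TARGET (constructed data)
    mkdir -p "$1"
    printf 'Listen %s\nRewriteEngine On\nRewriteRule ^.*$ %s [L,R]\n' "$2" "$4" > "$1/httpd.conf"
    printf 'Listen %s\n' "$3" > "$1/ssl.conf"
}

# Demo on constructed files: 8080 is a placeholder, 1443 comes from the post's RewriteRule.
demo=$(mktemp -d)
make_sample "$demo" 8080 1443 'https://%{SERVER_NAME}:1443'
check_ports "$demo" && echo "staged copies are consistent"
rm -rf "$demo"
```

Calling `check_ports /Database/scripts` ahead of the `cp` lines in the postboot script keeps a mismatched pair of files from replacing the live configuration at boot.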