I'm using MAMP PRO on a Mac. My problems started when one of my local sites began to default to https when I try to view it in a browser (any browser). I've tried various fixes, but the problem remains, plus I get a new warning from MAMP - I need to either nix my Apple Apache server or change Apache to something other than Port 80.
Anyway, while Googling for help I discovered this Mac Terminal command: sudo lsof -i ':80'
I typed it in, and I suspect I've found the root problem...
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Google 515 [My Name] 125u IPv4 0x6270000f68f4689d 0t0 TCP 10.0.0.138:50258->sea15s07-in-f4.1e100.net:http (ESTABLISHED)
Google 515 [My Name] 181u IPv4 0x6270000f69024a8d 0t0 TCP 10.0.0.138:50341->ec2-54-84-89-183.compute-1.amazonaws.com:http (CLOSE_WAIT)
httpd 1267 root 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1387 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1388 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1389 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1390 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1391 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1392 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1402 [My Name] 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
Why are Google and Amazon listed? Have they effectively hacked my Apache server? Can anyone tell me what any of this stuff means?
I'm not even sure if the above code references my Mac's default Apache installation or MAMP's version of Apache. As a last resort, I can probably go to the local Apple Store and ask them to show me where the original Apache file is located and ask them to restore it to its default settings (if they've changed).
Answer
In regards to your question "Why are Google and Amazon listed?", it is because the lsof command you issued also shows outbound connections to external websites via HTTP.
10.0.0.138:50258->sea15s07-in-f4.1e100.net:http (ESTABLISHED)
10.0.0.138:50341->ec2-54-84-89-183.compute-1.amazonaws.com:http
From the above two lines in the output you posted, it appears your local IP address is 10.0.0.138; any address in the range 10.0.0.0 through 10.255.255.255 is a private IPv4 address, which isn't routed over the Internet, so Network Address Translation (NAT) will be occurring in order for your system to connect to the Google and Amazon Web Services (AWS) websites. Any time you see 1e100.net at the end of a fully qualified domain name (FQDN), that tells you that the system is a Google system, because Google owns that domain name; 1e100 was selected by Google because it is a way of representing a googol, which is a 1 followed by 100 zeros. Through AWS, Amazon provides the capability for many companies and individuals to host websites on Amazon servers, so it is quite common to see amazonaws.com when an IP address is translated to its canonical name. So the answer to your question "Have they effectively hacked my Apache server?" is "no"; those lines simply indicate that you've browsed to a site hosted by Amazon AWS and a Google site.
In regards to the issue of HTTPS always being used for one of the sites hosted on your Mac, can you access other sites on the Mac via HTTP? What is the exact warning message you now see? Were you previously able to access the particular site that now defaults to HTTPS by HTTP? If HTTP Strict Transport Security (HSTS) is being used for a particular site and you try to access that site via HTTP, HTTPS will be used instead.
In regards to the original Apache configuration file, I'm including a link to the original Apache configuration file on my MacBook Pro that you can use for comparison. You can use the apachectl command, apachectl -S, to view some configuration information for Apache on your system.
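The lsof command in the question matches port 80 at either end of a connection, which is why browser traffic appears beside the httpd listeners. The following is an added example, not part of the original question or answer, that sorts such rows into listeners, outbound connections and inbound connections; the user name alice, the inbound row for PID 1388 and the address 10.0.0.50 are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Rows are constructed: user
# "alice", the inbound row for PID 1388 and 10.0.0.50 are placeholders; the
# other addresses mirror the output quoted in the question.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Google 515 alice 125u IPv4 0x6270000f68f4689d 0t0 TCP 10.0.0.138:50258->sea15s07-in-f4.1e100.net:http (ESTABLISHED)
Google 515 alice 181u IPv4 0x6270000f69024a8d 0t0 TCP 10.0.0.138:50341->ec2-54-84-89-183.compute-1.amazonaws.com:http (CLOSE_WAIT)
httpd 1267 root 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1387 alice 4u IPv6 0x6270000f5b6af8ad 0t0 TCP *:http (LISTEN)
httpd 1388 alice 10u IPv4 0x0000000000000000 0t0 TCP 10.0.0.138:http->10.0.0.50:51000 (ESTABLISHED)
EOF
}

# Read `lsof -i ':80'` output on stdin and print one line per TCP row:
#   LISTEN   command pid local-address
#   OUTBOUND command pid local remote state   (remote end is port 80)
#   INBOUND  command pid local remote state   (local end is port 80)
# The address and state are read from the end of each row ($(NF-1), $NF).
classify_lsof() {
  awk '
    function port(a) { sub(/.*:/, "", a); return a }      # text after last colon
    function web(p)  { return p == "http" || p == "80" }  # named or numeric port
    $NF !~ /^\(.*\)$/ { next }   # skips the header and rows with no TCP state
    {
      state = $NF; gsub(/[()]/, "", state)
      addr = $(NF - 1)
      if (state == "LISTEN") { print "LISTEN", $1, $2, addr; next }
      if (split(addr, ep, "->") != 2) next
      if (web(port(ep[1])))      dir = "INBOUND"    # a client reached our server
      else if (web(port(ep[2]))) dir = "OUTBOUND"   # we are the client
      else next
      print dir, $1, $2, ep[1], ep[2], state
    }'
}

sample_lsof | classify_lsof
```

On a live system the same function can be fed directly: sudo lsof -i ':80' | classify_lsof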