So the short answer with reply is, "Sure, but WHY?!?"
The WebServer for Mac OS X (I'm assuming 10.6 Snow Leopard Client for the details of the answer) is based entirely on Apache. There are tonnes of web resources for Apache.
The key to Apple's Web Services are in /etc/apache2
You can (with admin privs) modify the httpd.conf (again; loads of web refs on this file) specifically pointing DocumentRoot anywhere.
However; and this is the list of caveats of why this is a weird thing to do...
- You have to be sure that the web process has the proper privs to read the directory in the location you may move it.
- You run the risk of something getting access to other files around the moved location
- This is non-standard configuration in the OS and is likely to break in a future verison
- The location is non-user volatile; meaning that deleting a user won't accidentally delete the served root folder. (Apache will fail to launch) if it can't find a served root folder
On top of this; we talk about moving the ~Sites. When you generate a new user acct; the OS generates a virtual directory conf in the /etc/apache2/users directory. Apache is smart enough to expand the ~ into a user name. All the above Caveats hold.
The question is why do you want the root folder on your desktop? It would seem to be more convenient to do one or more of the following:
- make an alias of /Library/WebServer/Documents on your desktop
- Setup groups/acls on /Library/WebServer/Documents to assure the correct write access
Without knowing why you're motivated to do this; I can't really hazard any other suggestions.
If it's a question of moving your web services directory to a network share... Now your solution is more along the lines of OS X Server (10.6) or doing your own apache install.
Good luck.
You have to be sure that the web process has the proper privs to read the directory in the location you may move it.
As has been pointed out already, unless you are specifically forwarding http traffic from your router to your machine, your locally hosted stuff will only be available to you and the other computers on your local network.
To answer your question on restricting access to your webserver to just your machine. You can do this a couple of ways.
Remember, anytime you change apache configurations, you need to restart apache for those changes to take effect.
Method 1
If you want to limit everything on your local webserver to just your local machine, edit the file "/etc/apache2/httpd.conf". At approx line 195 you'll find a configuration block that looks similar to:
<Directory "/Library/WebServer/Documents">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks MultiViews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
You are going to want to comment out the bottom two lines of that block and add in new rules
Deny from all
and
Allow from 127.0.0.1
that block should now look like:
<Directory "/Library/WebServer/Documents">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks MultiViews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
#Order allow,deny
#Allow from all
Deny from all
Allow from 127.0.0.1
</Directory>
Method 2
You can also use .htaccess files to limit who has access to a directory. In order for .htaccess files to work you first need to enable them. Open the same file I referenced in method 1 (/etc/apache2/httpd.conf) and go to the same configuration block I mentioned before (at approx line 195). You'll need to change (at approx line 215):
AllowOverride None
to
AllowOverride All
Once you have done that you can create a file called .htaccess in any folder on your web server with the following information:
Deny from all
Allow from 127.0.0.1
That will prevent anyone besides your local machine from accessing the contents of that folder or any of it's subfolders.
Conclusion
Method 1 has the benefit of not having to worry about accidentally deleting .htaccess files or worrying about multiple configurations. Method 2 makes it very simple to only restrict access to certain directories of your webserver.
Also note that the .htaccess file must include that period at the beginning of the file name (it's .htaccess not htaccess) and that when you want to view your local webserver you have to do so by going to http://localhost (you can't use [your computer name].local).
Best Answer
Hidden web server
The web server running on your server is the one used by
cupsd
to manage your printers queue.The command:
will show you that it is actually closed, unless you activated the sharing of a printer.
You can stop
cupsd
either through the GUI ofSystem Preferences…
or withlaunchctl
:Nmap
If you don't have
nmap
because your version of MacOS doesn't anymore bring this useful software (which is a total failure for people who need to analyse network problems) you can easily install it with Macports or Brew. I estimate uou will need 15 minutes to install it, read the basic documentation. Within less than half an hour you will be able to discover holes through which your system can be attacked.