您可以将应用程序配置为只在地址127.0.0.1 (localhost)上侦听,这样就不会从外部看到它是打开的。
例如,如果我让nginx监听每个ip的80端口,而apache侦听端口8080的127.0.0.1:
代码语言:javascript复制# netstat -ltnp (Redacted a little to make it clearer)
Local Address State Program name
0.0.0.0:80 LISTEN nginx: master
127.0.0.1:8080 LISTEN apache如果您从外部检查这2个端口(例如nmap ),您将只看到打开的80端口和关闭的8080端口:
代码语言:javascript复制# nmap $server -p 80,8080
PORT STATE SERVICE
80/tcp open http
8080/tcp closed http-proxy如果您试图连接到8080:
代码语言:javascript复制# telnet $server 8080
Trying $ip...
telnet: Unable to connect to remote host: Connection refused但这80条是可行的:
代码语言:javascript复制# telnet $server 80
Trying $ip...
Connected to .
Escape character is '^]'.希望能帮上忙!