Sequoia Firewall blocking Apache httpd Server after about 2 hours of restarting.

I have tried every idea I have found online plus about 25 others that I created; some are better than others. One of my posts on this topic had about 14,000 views the 1st day so I am not the only person with this problem.


Is anyone successfully operating Sonoma 24 hours every day with the firewall turned on? If yes, what did you do to make it work?


Some of my not perfect attempts:


# Attempts using Sudo Crontab -e for various times


brew Services Restart


brew Services Stop

brew Services Start


sudo computeruser/PATH/brew Services Stop

sudo computeruser/PATH to ALIAS/brew Services Start


sudo computeruser/PATH to ALIAS/brew Services stop

sudo computeruser/PATH to ALIAS/brew Services start


sudo computeruser/PATH to bin/brew Services Stop

sudo computeruser/PATH to bin/brew Services Start


sudo computeruser/PATH to bin/apachectl graceful


sudo computeruser/PATH to bin/apachectl restart


sudo computeruser/PATH to bin/apachectl stop

sudo computeruser/PATH to bin/apachectl start


GE Programmable Control Power Strip to simulate power failures up to 8 times per day


# Terminal code to restart computer

  sudo pmset repeat shutdown MTWRFSU 00:55:00 poweron MTWRFSU 01:05:00


# Terminal code to identify and log using a remote client when server is offline;

exec bash;

# /dev/tcp is a bash feature; replace iIP with the server's IP address
MACHINE=iIP; exec 3>/dev/tcp/${MACHINE}/22; if [ $? -eq 0 ]; then echo "SSH up"; else echo "SSH down"; fi


# Terminal code to restart server from a remote client when offline is detected;

Currently trying to make this work. Help on this would be appreciated.


Script to log and restart remote server

Currently trying to make this work. Help on this would be appreciated.



[Re-Titled by Moderator]

Mac mini (M2 Pro, 2023)

Posted on Dec 17, 2024 1:19 PM
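
The check in the post probes only port 22, so it cannot tell a powered-off host from one whose web port alone has become unreachable. The sketch below is an added example, not code from the thread: run from a remote client, it probes both SSH and the web port, classifies the outage and logs each result. The host name, port, log path and the optional `ON_WEB_DOWN` hook are placeholders and assumptions.

```shell
#!/bin/sh
# Added example: remote watchdog. All names below are placeholders.
SERVER="${SERVER:-server.example.invalid}"   # the web server's address
WEB_PORT="${WEB_PORT:-443}"
LOG="${LOG:-./httpd-watch.log}"
TIMEOUT="${TIMEOUT:-5}"

# port_open HOST PORT: succeed if a TCP connect completes within $TIMEOUT seconds.
# Uses bash's /dev/tcp (as in the post) in a child process that a timer can kill.
port_open() {
    bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null &
    probe=$!
    ( sleep "$TIMEOUT"; kill "$probe" 2>/dev/null ) >/dev/null 2>&1 &
    timer=$!
    wait "$probe" && rc=0 || rc=$?
    kill "$timer" 2>/dev/null || true
    return "$rc"
}

state_of() { if port_open "$1" "$2"; then echo up; else echo down; fi; }

# classify SSH_STATE WEB_STATE (each "up" or "down") -> one-word verdict
classify() {
    case "$1/$2" in
        up/up)   echo ok ;;
        up/down) echo web-unreachable ;;  # host is up: httpd stopped or its port filtered
        down/up) echo ssh-only-down ;;
        *)       echo host-down ;;        # nothing answers: power, network or full block
    esac
}

check_once() {
    ssh_state=$(state_of "$SERVER" 22)
    web_state=$(state_of "$SERVER" "$WEB_PORT")
    verdict=$(classify "$ssh_state" "$web_state")
    printf '%s %s ssh=%s web=%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$SERVER" "$ssh_state" "$web_state" "$verdict" >> "$LOG"
    echo "$verdict"
}

if [ "${1:-}" = "--loop" ]; then
    while :; do
        v=$(check_once)
        # Optional hook (assumption), e.g. an ssh command that runs apachectl graceful
        if [ "$v" = web-unreachable ] && [ -n "${ON_WEB_DOWN:-}" ]; then sh -c "$ON_WEB_DOWN"; fi
        sleep 60
    done
fi
```

A log full of `web-unreachable` lines while `ssh=up` points at the web port being filtered or httpd having stopped, not at the machine going down.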

5 replies

Dec 17, 2024 6:11 PM in response to Bill Walker2

If you are intending to run an Internet accessible Apache httpd server on your Mac (debatable if that's a good idea in the first place), then the built in application firewall is completely the wrong tool.


I mean, it's a poor tool in general but it is absolutely not the tool for protecting a Web Server.


You need to be looking at the packet filter Firewall pf for that sort of thing, and filtering at the packet, not application layer. You might also want to think about how your network is set up and whether you have a proper reverse proxy and network segregated DMZ.

Dec 17, 2024 5:00 PM in response to Bill Walker2

Bill Walker2 wrote:

> Is anyone successfully operating Sonoma 24 hours every day with the firewall turned on? If yes, what did you do to make it work?

Why do you want to turn on the firewall?

> brew Services Restart

One problem I see very often is people who have problems running some basic command-line tool who turn out to be using homebred.

> sudo computeruser/PATH to ALIAS/brew Services Start

While I definitely disavow anything Homebrew-related, what's going on with these commands?


Oh, I get it. Normally this is written /path/to/whatever.

> GE Programmable Control Power Strip to simulate power failures up to 8 times per day

Maybe take a step back and ask why you are using a Mac for this? It sounds like you're running some kind of server. The Mac is a consumer device. It is NOT designed to be a server.


Dec 17, 2024 10:09 PM in response to etresoft

etresoft thank you for your reply.


I am using the Apple firewall because my SonicWall is old and the Apple firewall has worked well for about 5 years.


I have been using Apple computers for domain servers for more than 20 years without major problems.

During the last 5 years I have been serving 17 - 18 domains and they have worked very well until upgrading to Sequoia.


Many of the programs that come with the Apple operating system make running a web server very easy, including Apache and its ability to customize it using various modules such as:

LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so

LoadModule actions_module lib/httpd/modules/mod_actions.so

LoadModule alias_module lib/httpd/modules/mod_alias.so

LoadModule allowmethods_module lib/httpd/modules/mod_allowmethods.so

LoadModule asis_module lib/httpd/modules/mod_asis.so


LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so

LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so

LoadModule authz_owner_module lib/httpd/modules/mod_authz_owner.so

LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so

LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so

LoadModule brotli_module lib/httpd/modules/mod_brotli.so

LoadModule buffer_module lib/httpd/modules/mod_buffer.so

LoadModule cache_disk_module lib/httpd/modules/mod_cache_disk.so

LoadModule cache_module lib/httpd/modules/mod_cache.so


LoadModule charset_lite_module lib/httpd/modules/mod_charset_lite.so

LoadModule data_module lib/httpd/modules/mod_data.so

LoadModule dav_fs_module lib/httpd/modules/mod_dav_fs.so

LoadModule dav_lock_module lib/httpd/modules/mod_dav_lock.so

LoadModule dav_module lib/httpd/modules/mod_dav.so

LoadModule dbd_module lib/httpd/modules/mod_dbd.so

LoadModule deflate_module lib/httpd/modules/mod_deflate.so

LoadModule dialup_module lib/httpd/modules/mod_dialup.so

LoadModule dir_module lib/httpd/modules/mod_dir.so

LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so

LoadModule echo_module lib/httpd/modules/mod_echo.so

LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so


LoadModule http2_module lib/httpd/modules/mod_http2.so

LoadModule include_module lib/httpd/modules/mod_include.so

LoadModule info_module lib/httpd/modules/mod_info.so

LoadModule log_config_module lib/httpd/modules/mod_log_config.so

LoadModule log_debug_module lib/httpd/modules/mod_log_debug.so

LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so

LoadModule logio_module lib/httpd/modules/mod_logio.so

LoadModule macro_module lib/httpd/modules/mod_macro.so

LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so

LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so

LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so

LoadModule php_module /opt/homebrew/opt/php/lib/httpd/modules/libphp.so

LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so

LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so

LoadModule proxy_express_module lib/httpd/modules/mod_proxy_express.so

LoadModule proxy_fcgi_module lib/httpd/modules/mod_proxy_fcgi.so

LoadModule proxy_fdpass_module lib/httpd/modules/mod_proxy_fdpass.so

LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so

LoadModule proxy_hcheck_module lib/httpd/modules/mod_proxy_hcheck.so

LoadModule proxy_html_module lib/httpd/modules/mod_proxy_html.so

LoadModule proxy_module lib/httpd/modules/mod_proxy.so

LoadModule proxy_scgi_module lib/httpd/modules/mod_proxy_scgi.so

LoadModule proxy_wstunnel_module lib/httpd/modules/mod_proxy_wstunnel.so

LoadModule ratelimit_module lib/httpd/modules/mod_ratelimit.so

LoadModule reflector_module lib/httpd/modules/mod_reflector.so

LoadModule remoteip_module lib/httpd/modules/mod_remoteip.so

LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so

LoadModule request_module lib/httpd/modules/mod_request.so

LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so

LoadModule sed_module lib/httpd/modules/mod_sed.so

LoadModule session_cookie_module lib/httpd/modules/mod_session_cookie.so

LoadModule session_crypto_module lib/httpd/modules/mod_session_crypto.so

LoadModule session_dbd_module lib/httpd/modules/mod_session_dbd.so

LoadModule session_module lib/httpd/modules/mod_session.so


LoadModule socache_dbm_module lib/httpd/modules/mod_socache_dbm.so


LoadModule ssl_module lib/httpd/modules/mod_ssl.so



plus the support for perl, python and database management.


It is easy and free to create SSL certificates using Let's Encrypt, which has a great website with step-by-step instructions on how to set it up.


There is a lot of help online for a Mac domain server.


Lastly it has been fun.


The Sequoia initially had options to allow incoming connections related to http and webservers. They appear to be turned off in Sequoia 15.2 but it has a microsoft.VSCode.helper option. What is that?

