DigitalOcean

Report this

What is the reason for this report?
Question

Which UFW service to use for Apache2?

Posted on August 3, 2020
Ubuntu 20.04
joestroup

By joestroup

Setting up a Ubuntu droplet for a web server, I want to choose the right firewall options.

UFW has three “services” for Apache2. “Apache” “Apache Full” and “Apache Secure”

I can’t find documentation on how these services differ.

Can someone help me find out the difference between these services?

Many thanks!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
alexdo
alexdo
August 3, 2020

Hi, @joestroup

This really depends from your needs. There are three profiles available for Apache:

  • Apache: This profile opens only port 80 (normal, unencrypted web traffic)
  • Apache Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
  • Apache Secure: This profile opens only port 443 (TLS/SSL encrypted traffic)

It is recommended that you enable the most restrictive profile that will still allow the traffic you’ve configured. Since we haven’t configured SSL for our server yet in this guide, we will only need to allow traffic on port 80:

sudo ufw allow 'Apache'

You can verify the change by typing:

sudo ufw status

The output will provide a list of allowed HTTP traffic:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere                
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)

As indicated by the output, the profile has been activated to allow access to the Apache web server.

You can find more information here:

https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-20-04

Hope that this helps! Regards, Alex

0
will5000
will5000
August 4, 2022

they are defined in apache2-utils.ufw.profile

# cd /etc/ufw/applications.d

/etc/ufw/applications.d# cat apache2-utils.ufw.profile 
[Apache]
title=Web Server
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80/tcp

[Apache Secure]
title=Web Server (HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=443/tcp

[Apache Full]
title=Web Server (HTTP,HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80,443/tcp
Crandell
Crandell
October 21, 2022

This comment has been deleted

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.