9

I've just installed UFW 0.35 on Ubuntu 16.04:

root@localhost:/etc# ufw --version
ufw 0.35
Copyright 2008-2015 Canonical Ltd.

and

root@localhost:/etc# ufw app list
Available applications:
  OpenSSH

I would like to allow access to Apache on both port 80 and 443, with the command 

$ ufw allow "Apache Full"

but I got an error

ERROR: Could not find a profile matching 'Apache Full'
en Peris
  • 361
  • 1
  • 3
  • 14
  • `ufw allow http` and `ufw allow https` work for me. You can also just specify the ports - `ufw allow 80` and `ufw allow 443` - the "service names" or "profiles" are there for convenience, and simply specify default port numbers. – ivanivan Aug 04 '18 at 15:54
  • 1
    @ivanivan:  That looks like an answer.  Please post answers *as answers*, not as comments. – G-Man Says 'Reinstate Monica' Aug 05 '18 at 02:36
  • @G-Man possible, but it felt more comment-ish when I typed it. – ivanivan Aug 05 '18 at 02:52
  • the profile is created by apache after its installation, so its better to install the firewall after the apache, then the profile is available – en Peris Aug 06 '18 at 06:42

2 Answers2

14

You are likely receiving that error because there has not been a profile created for 'Apache Full'. You can see which profiles exist on your system by checking the directory:

/etc/ufw/applications.d/

To create a profile known as 'Apache Full' create a file in the above directory using the following syntax (from the man page):

     [Apache Full]
     title=<title>
     description=<description>
     ports=80/tcp,443/tcp

Next, you will update ufw app:

ufw app update "Apache Full"

Now you should be able to run the command from your question:

ufw allow "Apache Full"

To confirm that your profile is included in ufw's rules run:

ufw status
Jeff
  • 910
  • 8
  • 14
  • What is the type of the file? – Offir Sep 22 '19 at 15:26
  • 1
    I'm not sure which file you're asking about but the application profiles are stored in a plain text, flat file in the `/etc/ufw/applications.d/` directory. – Jeff Sep 23 '19 at 19:24
  • 3
    Didn't quite work for me on Debian 10.3! I had to replace the last line by ports=80/tcp|443/tcp – ccoutinho Feb 23 '20 at 00:37
4

Instead of

ufw allow "Apache Full"

you should use,

ufw allow "WWW Full"

You have to look in your /etc/ufw/applications.d/ dictionary which file is available. Maybe it is called "Http Full".

doLife
  • 41
  • 1
  • I use Lubuntu 20_04 and I have `WWW WWW Cache WWW Full WWW Secure`: After ufw allow "WWW Full" and ufw status I get an inactive status. – Timo Oct 20 '20 at 11:12