I activated PHP and run the built-in (Mac OS X 10.5.8, PPC) Apache server for web development. I only access this content locally with http://localhost/ and do not want to serve it up to the net. However, my server is accessible through the IP address and I see in my Apache access log that I'm constantly being scanned by some scammers with IPs in China and Russia looking for certain exploitable files. My Apache doesn't have them, so it serves a 404 error. I would much prefer those connections blocked before they even reach Apache. I looked under System Prefs > Security > Firewall but the settings are way too rough. If I set it to "Access for specific services and applications", I can only choose GUI applications in the Applications folder, but not UNIX processes like Apache or Tor. How can I make it so that my web server is only available for local access while services like Tor, Bittorrent etc. still work?