
I am not a sysadmin but I am having to assume some duties in that realm.

We have a Debian 9 Stretch server for development use.

Linux xxxxxx 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux

It must be reachable on port 443 from a variety of IP addresses without any clear limits.

Current contents of /etc/apache2/sites-enabled/000-default.conf are:

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

At document root we have an .htaccess with valid user required and one user only with a 16 char password.

AuthUserFile /var/www/.htpasswd
AuthName "Admin"
AuthType Basic

<Limit GET>
    require valid-user
</Limit>

In /var/log/apache2/error.log I am seeing rashes of errors like this:

[Sun Mar 29 22:09:11.933648 2020] [php7:error] [pid 23376] [client 122.14.200.206:46917] script '/var/www/html/wuwu11.php' not found or unable to stat

What I think is going on is that unauthorized persons are trying to get responses over cURL on ports other than 80 and 443 and are scanning for known malware or vulnerabilities and also perhaps trying to create buffer overruns by flooding the server with requests.

I realize this may be insufficient information and too broad a question but:

1) Is my guess that the errors represent requests with high port values correct?

2) Is there a simple way to tell the server that only ports 22 and 443 can accept any connections?

jerrygarciuh

1 Answer

No, your Apache isn't listening on additional arbitrary ports that could be scanned, as you have perceived it. You can get the actual request used by comparing the error.log timestamps with the access.log timestamps.

The port on [client xx.xx.xx.xx:46917] refers to the source port on the client side.

Esa Jokinen
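The timestamp comparison described in the answer, as an added example that is not part of the original post: it pulls the client IP and source port out of each error.log entry and lists the access.log requests from the same IP within a short window. It assumes the access log uses the combined format and that both logs record the same local wall-clock time; the access lines, the 2-second window and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Error line is the one quoted in the question; access lines are constructed samples.
ERROR_LOG = """\
[Sun Mar 29 22:09:11.933648 2020] [php7:error] [pid 23376] [client 122.14.200.206:46917] script '/var/www/html/wuwu11.php' not found or unable to stat
"""
ACCESS_LOG = """\
198.51.100.7 - admin [29/Mar/2020:22:09:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
122.14.200.206 - - [29/Mar/2020:22:09:11 +0000] "POST /wuwu11.php HTTP/1.1" 404 453 "-" "Mozilla/5.0"
122.14.200.206 - - [29/Mar/2020:23:30:00 +0000] "GET /other.php HTTP/1.1" 404 453 "-" "Mozilla/5.0"
"""

# [timestamp] [module:level] [pid N] [client IP:SOURCE_PORT] message
ERR_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid [^\]]+\] '
                    r'\[client (?P<ip>[\d.]+):(?P<sport>\d+)\] (?P<msg>.*)$')
# IP ident user [time zone] "request line" status ...
ACC_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\] ]+) [^\]]+\] '
                    r'"(?P<req>[^"]*)" (?P<status>\d{3}) ')

def parse_errors(text):
    for line in text.splitlines():
        m = ERR_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            yield ts, m["ip"], int(m["sport"]), m["msg"]

def parse_access(text):
    for line in text.splitlines():
        m = ACC_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
            yield ts, m["ip"], m["req"], int(m["status"])

def correlate(error_text, access_text, window=timedelta(seconds=2)):
    """For each error entry, list access-log requests from the same IP within the window."""
    access = list(parse_access(access_text))
    results = []
    for ets, ip, sport, msg in parse_errors(error_text):
        reqs = [(req, status) for ats, aip, req, status in access
                if aip == ip and abs(ats - ets) <= window]
        results.append({"client": ip, "source_port": sport,
                        "error": msg, "requests": reqs})
    return results

if __name__ == "__main__":
    for hit in correlate(ERROR_LOG, ACCESS_LOG):
        print(hit)
```

The `source_port` field is the client's ephemeral port from `[client IP:port]`; the port the server accepted the connection on does not appear in this error line.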