jat0369

How to block port 80 without the firewall?

I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right-click on the site and click Advanced under Web site identification, it allows me to remove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
Wayne Michael

jat0369

ASKER

I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80

Would you mind if, instead of listening on port 80, it listened on a port, i.e. 3456?

Regards

Hi,

Look into using TCP/IP filters to block inbound access.

http://support.microsoft.com/kb/816792

jat0369

ASKER

PJJaquilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.

Ok, so in the meantime, in IIS administration, you can go to the properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company firewall, if you have one...

Best Regards

jat0369

ASKER

Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.

Hi,

Can you clarify why you are unable to change the firewall settings, as this is traditionally the best location to restrict access?

Let me do some further digging for you on IPSEC.

Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878

Btw, I would highly recommend you test this on a dev/test server before making the changes on your production server, in case you block yourself out.

Also make sure you have direct console access (non network) just in case.
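
An added example, not part of any post in this thread: one way to express the IPSec suggestion above on Windows Server 2003, using the built-in `netsh ipsec static` context to drop inbound TCP 80 while leaving every other port alone. The policy, filter list and filter action names are made up for illustration.

```batch
@echo off
rem Added example, not from the thread. All names below are illustrative.
rem Run it from the local console of a test server first.

set POLICY=Block inbound HTTP
set FLIST=Inbound TCP 80
set FACTION=Drop

rem 1. Create the policy container (it is not assigned yet).
netsh ipsec static add policy name="%POLICY%" description="Drop inbound TCP 80"

rem 2. Filter list with one filter: any source -> this host, TCP dst port 80.
rem    mirrored=no keeps the filter one-way, so connections the server
rem    itself opens to a remote port 80 are not matched.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=80 mirrored=no

rem 3. Filter action that drops matching packets instead of negotiating.
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. Tie the filter list and the action together in a rule.
netsh ipsec static add rule name="Block TCP 80" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Assign the policy. Only one local IPSec policy can be assigned at a
rem    time, so this replaces any policy that is currently assigned.
netsh ipsec static set policy name="%POLICY%" assign=yes

rem 6. Check the listener table on this host.
netstat -ano | findstr /C:":80 "

rem Rollback if something else stops working:
rem   netsh ipsec static set policy name="%POLICY%" assign=no
```

A block filter drops the packets before they reach IIS, but the socket stays bound, so `netstat` on the server still reports port 80 as LISTENING; confirm the block by connecting from another machine.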

jat0369

ASKER

Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)

Great ;)

Just had visions of recommending changes and then you losing RD access to the box. Gulp.
ASKER CERTIFIED SOLUTION
jat0369

This solution is only available to members.

jat0369

ASKER

No answer fully resolved the issue, so this fix will have to work.