Solved

How to block port 80 without the firewall?

Posted on 2011-03-17
Last Modified: 2013-11-18
I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right-click on the site and click Advanced under Web site identification, it allows me to remove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
Question by:jat0369
14 Comments
 
LVL 11

Expert Comment

by:wrmichael
ID: 35160081
0
 
LVL 1

Author Comment

by:jat0369
ID: 35160105
I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35160633
Would you mind if, instead of listening on port 80, it listened on another port, e.g. 3456?

Regards
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35160843
Hi,

Look into using TCPIP filters to block inbound access.

http://support.microsoft.com/kb/816792

0
 
LVL 1

Author Comment

by:jat0369
ID: 35166212
Pjaguilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35166277
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company Firewall, if you have one...

Best Regards
0
 
LVL 1

Author Comment

by:jat0369
ID: 35191138
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191431
Hi,

Can you clarify why you are unable to change the firewall settings, as this is traditionally the best location to restrict access?

Let me do some further digging for you on IPSEC.
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191451
Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191461
Btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out.

Also make sure you have direct console access (non network) just in case.
0
 
LVL 1

Author Comment

by:jat0369
ID: 35192214
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35192347
Great ;)

Just had visions of recommending changes and then you losing RD access to the box. Gulp.
0
 
LVL 1

Accepted Solution

by:
jat0369 earned 0 total points
ID: 35348505
I couldn't really accomplish what I wanted to do, so I set the listening port to something different. It's not the solution I was looking for, but it will work.
0
 
LVL 1

Author Closing Comment

by:jat0369
ID: 35373149
No answer fully resolved the issue, so this fix will have to work.
0
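An added example, not part of the original thread: a check that parses saved `netstat -an` output in the Windows layout and reports which TCP ports are actually in LISTENING state, so a listener on 80 is not confused with 8080 or with an outbound connection to a remote port 80. The sample output, function names, and the allowed-port set (443 plus 3389 for the remote desktop access mentioned above) are assumptions made for illustration.

```python
import re

# Constructed sample of `netstat -an` output (Windows layout); not taken from the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1045          203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Only TCP rows whose State column is LISTENING count. The port is the digits
# after the last colon of the Local Address column, so "[::]:80" parses too.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.IGNORECASE)


def tcp_listeners(netstat_text):
    """Return sorted (local_address, port) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if match:
            found.add((match.group(1), int(match.group(2))))
    return sorted(found)


def is_listening(netstat_text, port):
    """True if any local address has a TCP listener on exactly this port."""
    return any(p == port for _, p in tcp_listeners(netstat_text))


def unexpected_listeners(netstat_text, allowed_ports):
    """Return listeners whose port is not in the allowed set (assumed policy)."""
    return [(a, p) for a, p in tcp_listeners(netstat_text) if p not in allowed_ports]


if __name__ == "__main__":
    # Assumed policy: HTTPS plus remote desktop only.
    for addr, port in unexpected_listeners(SAMPLE_NETSTAT, {443, 3389}):
        print(f"unexpected TCP listener: {addr}:{port}")
```

Moving the site to a non-standard port, as in the accepted solution, clears the port 80 row but leaves a listener on the new port, which this check still reports unless that port is added to the allowed set.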
