[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How to block port 80 without the firewall?

Posted on 2011-03-17
14
Medium Priority
?
596 Views
Last Modified: 2013-11-18
I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right click on the site, click Advanced under Web site identification, it allows me t oremove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
0
Comment
Question by:jat0369
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 1

Author Comment

by:jat0369
ID: 35160105
I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35160633
Would you mind if, instead of listening in port 80, it listen to port, i.e. 3456?

Regards
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 5

Expert Comment

by:rorybreen
ID: 35160843
Hi,

Look into using TCPIP filters to block inbound access.

http://support.microsoft.com/kb/816792

0
 
LVL 1

Author Comment

by:jat0369
ID: 35166212
PJJaquilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35166277
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company Firewall, if you have one...

Best Regards
0
 
LVL 1

Author Comment

by:jat0369
ID: 35191138
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191431
Hi,

Can you clarify why you are unable to change the firewall settings as this is traditional the best location to restrict access ?

Let me do some further digging for you on IPSEC
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191451
Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191461
btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out..

Also make sure you have direct console access (non network) just in case.
0
 
LVL 1

Author Comment

by:jat0369
ID: 35192214
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35192347
great ;)..

Just had visions of recommending changes and then you lossing RD access to the box. gulp
0
 
LVL 1

Accepted Solution

by:
jat0369 earned 0 total points
ID: 35348505
I couldn't really accomplish what I wanted to do, so I set the listening port to something different. It's not the solution I was looking for, but it will work.
0
 
LVL 1

Author Closing Comment

by:jat0369
ID: 35373149
No answer fully resolved the issue so this fix will have to work
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question