Solved

How to block port 80 without the firewall?

Posted on 2011-03-17
14
555 Views
Last Modified: 2013-11-18
I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right click on the site, click Advanced under Web site identification, it allows me t oremove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
0
Comment
Question by:jat0369
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 11

Expert Comment

by:wrmichael
ID: 35160081
0
 
LVL 1

Author Comment

by:jat0369
ID: 35160105
I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35160633
Would you mind if, instead of listening in port 80, it listen to port, i.e. 3456?

Regards
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35160843
Hi,

Look into using TCPIP filters to block inbound access.

http://support.microsoft.com/kb/816792

0
 
LVL 1

Author Comment

by:jat0369
ID: 35166212
PJJaquilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35166277
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company Firewall, if you have one...

Best Regards
0
 
LVL 1

Author Comment

by:jat0369
ID: 35191138
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 5

Expert Comment

by:rorybreen
ID: 35191431
Hi,

Can you clarify why you are unable to change the firewall settings as this is traditional the best location to restrict access ?

Let me do some further digging for you on IPSEC
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191451
Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191461
btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out..

Also make sure you have direct console access (non network) just in case.
0
 
LVL 1

Author Comment

by:jat0369
ID: 35192214
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35192347
great ;)..

Just had visions of recommending changes and then you lossing RD access to the box. gulp
0
 
LVL 1

Accepted Solution

by:
jat0369 earned 0 total points
ID: 35348505
I couldn't really accomplish what I wanted to do, so I set the listening port to something different. It's not the solution I was looking for, but it will work.
0
 
LVL 1

Author Closing Comment

by:jat0369
ID: 35373149
No answer fully resolved the issue so this fix will have to work
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now