jat0369
How to block port 80 without the firewall?
I have a web server that is Windows Server 2003 SP2 running IIS.
Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.
When I right click on the site, click Advanced under Web site identification, it allows me to remove port 80, but it dithers out the OK button.
Is there a quick and easy way to disable 80 without affecting any other ports?
ASKER
I am, netstat still shows that port 80 is listening.
That's the most important part...block listening on 80
Would you mind if, instead of listening on port 80, it listened on a different port, e.g. 3456?
Regards
ASKER
PJJaquilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...
Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...
You can also block the port in the company Firewall, if you have one...
Best Regards
ASKER
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.
Hi,
Can you clarify why you are unable to change the firewall settings, as this is traditionally the best location to restrict access?
Let me do some further digging for you on IPSEC
Hi,
I came across this KB article which offers guidance on how to block specific ports.
http://support.microsoft.com/kb/813878
btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out..
Also make sure you have direct console access (non network) just in case.
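For reference, an IPSec block filter of the kind the KB article above covers can be built on Windows Server 2003 with `netsh ipsec static`. This is an added example, not text from the thread or the KB article; the policy, filter list and action names are constructed. Note that IPSec drops inbound packets to TCP 80 but does not remove the listener, so `netstat` will still show port 80 as listening.

```bat
@echo off
REM Added example: block inbound TCP 80 with a local IPSec policy (Windows Server 2003).
REM All names below ("Block HTTP Policy" etc.) are constructed for this example.
REM Run from the local console on a test server first, as advised above.

REM 1. Create an unassigned policy so nothing takes effect until the last step.
netsh ipsec static add policy name="Block HTTP Policy" description="Drop inbound TCP 80" assign=no

REM 2. Filter list matching any source address -> this host, TCP destination port 80.
REM    srcport=0 means any source port; mirrored=no keeps the filter inbound-only,
REM    so outbound connections from the server to remote port 80 are unaffected.
netsh ipsec static add filterlist name="Inbound TCP 80"
netsh ipsec static add filter filterlist="Inbound TCP 80" srcaddr=any dstaddr=me description="Inbound HTTP" protocol=TCP srcport=0 dstport=80 mirrored=no

REM 3. Filter action that blocks matching traffic.
netsh ipsec static add filteraction name="Block" description="Drop matching packets" action=block

REM 4. Rule tying the filter list to the block action inside the policy.
REM    kerberos=yes only satisfies the required authentication setting;
REM    a block action never negotiates security.
netsh ipsec static add rule name="Block HTTP Rule" policy="Block HTTP Policy" filterlist="Inbound TCP 80" kerberos=yes filteraction="Block"

REM 5. Review the policy, then assign it. Only one local IPSec policy can be
REM    assigned at a time, so this replaces any policy already assigned.
netsh ipsec static show policy name="Block HTTP Policy"
netsh ipsec static set policy name="Block HTTP Policy" assign=y

REM Rollback:
REM   netsh ipsec static set policy name="Block HTTP Policy" assign=n
REM   netsh ipsec static delete policy name="Block HTTP Policy"
```

Because only TCP 80 is matched, 443 and Remote Desktop (3389) are not touched by this policy; confirm from another host that 80 is dropped and 443 still answers before applying it in production.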
ASKER
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)
great ;)..
Just had visions of recommending changes and then you losing RD access to the box. gulp
ASKER CERTIFIED SOLUTION
ASKER
No answer fully resolved the issue so this fix will have to work
http://www.issociate.de/board/post/232960/how_can_i_REMOVE_port_80_and_only_allow_port_443_on_iis_5.html