Solved

How to block port 80 without the firewall?

Posted on 2011-03-17
14
579 Views
Last Modified: 2013-11-18
I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right click on the site, click Advanced under Web site identification, it allows me t oremove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
0
Comment
Question by:jat0369
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 1

Author Comment

by:jat0369
ID: 35160105
I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35160633
Would you mind if, instead of listening in port 80, it listen to port, i.e. 3456?

Regards
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:rorybreen
ID: 35160843
Hi,

Look into using TCPIP filters to block inbound access.

http://support.microsoft.com/kb/816792

0
 
LVL 1

Author Comment

by:jat0369
ID: 35166212
PJJaquilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35166277
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company Firewall, if you have one...

Best Regards
0
 
LVL 1

Author Comment

by:jat0369
ID: 35191138
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191431
Hi,

Can you clarify why you are unable to change the firewall settings as this is traditional the best location to restrict access ?

Let me do some further digging for you on IPSEC
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191451
Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191461
btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out..

Also make sure you have direct console access (non network) just in case.
0
 
LVL 1

Author Comment

by:jat0369
ID: 35192214
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35192347
great ;)..

Just had visions of recommending changes and then you lossing RD access to the box. gulp
0
 
LVL 1

Accepted Solution

by:
jat0369 earned 0 total points
ID: 35348505
I couldn't really accomplish what I wanted to do, so I set the listening port to something different. It's not the solution I was looking for, but it will work.
0
 
LVL 1

Author Closing Comment

by:jat0369
ID: 35373149
No answer fully resolved the issue so this fix will have to work
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL several years ago, it seemed like now was a good time to update it for object-oriented PHP.  This article does that, replacing as much as possible the pr…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question