How to block port 80 without the firewall?

I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right click on the site, click Advanced under Web site identification, it allows me to remove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
Asked by jat0369

jat0369 (Author) Commented:
I couldn't really accomplish what I wanted to do, so I set the listening port to something different. It's not the solution I was looking for, but it will work.

Wayne Michael (Senior Software Developer) Commented:

jat0369 (Author) Commented:
I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80
 
pjaguilar Commented:
Would you mind if, instead of listening on port 80, it listened on another port, e.g. 3456?

Regards

rorybreen Commented:
Hi,

Look into using TCP/IP filters to block inbound access.

http://support.microsoft.com/kb/816792


jat0369 (Author) Commented:
pjaguilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.

pjaguilar Commented:
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company Firewall, if you have one...

Best Regards

jat0369 (Author) Commented:
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.

rorybreen Commented:
Hi,

Can you clarify why you are unable to change the firewall settings, as this is traditionally the best location to restrict access?

Let me do some further digging for you on IPSEC

rorybreen Commented:
Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878

rorybreen Commented:
btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out..

Also make sure you have direct console access (non network) just in case.

jat0369 (Author) Commented:
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)

rorybreen Commented:
great ;)..

Just had visions of recommending changes and then you losing RD access to the box. gulp

jat0369 (Author) Commented:
No answer fully resolved the issue so this fix will have to work
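
A scripted version of the netstat check discussed in this thread, added here as an example and not part of any participant's post: it parses saved `netstat -ano` output and reports TCP listeners outside an allow-list, so a binding moved from 80 to a non-standard port such as 3456 still shows up. The sample output, the PIDs and the allow-list of 443 and 3389 are constructed assumptions.

```python
"""Audit Windows `netstat -ano` output for TCP listeners outside an allow-list."""
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1872
  TCP    0.0.0.0:3456           0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:3389          10.0.0.9:50122         ESTABLISHED     1872
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    640
"""

# Matches only TCP rows in LISTENING state; handles IPv4 and bracketed IPv6.
ROW = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            listeners.append((m["addr"], int(m["port"]), int(m["pid"])))
    return listeners


def audit(netstat_text, allowed_ports):
    """Return listeners whose port is not in allowed_ports, sorted by port."""
    bad = [l for l in parse_listeners(netstat_text) if l[1] not in allowed_ports]
    return sorted(bad, key=lambda l: (l[1], l[0]))


if __name__ == "__main__":
    # Assumed allow-list: HTTPS plus Remote Desktop for administration.
    for addr, port, pid in audit(SAMPLE, {443, 3389}):
        print(f"unexpected listener {addr}:{port} (PID {pid})")
```

Feed it the text saved from `netstat -ano > listeners.txt` on the server; an empty result means nothing outside the allow-list is in LISTENING state.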
Question has a verified solution.