Solved

How to block port 80 without the firewall?

Posted on 2011-03-17
14
550 Views
Last Modified: 2013-11-18
I have a web server that is Windows Server 2003 SP2 running IIS.

Due to PCI compliance, I want it to ONLY serve securely on 443. I can't have port 80 listening at all. I'd like to block this without using the firewall.

When I right-click on the site, click Advanced under Web site identification, it allows me to remove port 80, but it dithers out the OK button.

Is there a quick and easy way to disable 80 without affecting any other ports?
Question by:jat0369
14 Comments
 
LVL 11

Expert Comment

by:wrmichael
ID: 35160081
0
 
LVL 1

Author Comment

by:jat0369
ID: 35160105
I am, netstat still shows that port 80 is listening.

That's the most important part...block listening on 80
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35160633
Would you mind if, instead of listening on port 80, it listens on a port, i.e. 3456?

Regards
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35160843
Hi,

Look into using TCPIP filters to block inbound access.

http://support.microsoft.com/kb/816792

0
 
LVL 1

Author Comment

by:jat0369
ID: 35166212
Pjaguilar - I figured that'd be a good enough idea to hide the port, but it's still listening. It's not the solution I'd be totally happy with, but it's a decent enough solution to get past auditing...

Rorybreen - I saw that and thought that would be a great option, however...it doesn't have a specific option to "Block Only"...just "Allow Only". I'm not sure what other ports I should be allowing through as I don't want to kill the other services.
0
 
LVL 2

Expert Comment

by:pjaguilar
ID: 35166277
Ok, so in the meantime, in IIS administration, you can go to properties of the web site and change the TCP port to something non-standard...

You can also block the port in the company Firewall, if you have one...

Best Regards
0
 
LVL 1

Author Comment

by:jat0369
ID: 35191138
Is there some way I could do this using IPSec? Not sure how but any advice would be appreciated.
0

 
LVL 5

Expert Comment

by:rorybreen
ID: 35191431
Hi,

Can you clarify why you are unable to change the firewall settings, as this is traditionally the best location to restrict access?

Let me do some further digging for you on IPSEC
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191451
Hi,

I came across this KB article which offers guidance on how to block specific ports.

http://support.microsoft.com/kb/813878
0
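Added example, not part of the thread or of the linked KB article: a `netsh ipsec static` policy of the kind the IPSec approach above calls for on Windows Server 2003, dropping inbound TCP 80 and nothing else. The policy, filter list and rule names are made up for illustration; a block filter drops the packets but does not close the listener, so `netstat` will still show port 80 as LISTENING.

```bat
@echo off
rem Added example. All names below are illustrative, not taken from the thread.
rem Run from the local console on a dev/test server first.
rem Only one IPSec policy can be assigned at a time: assigning this one
rem replaces any local policy that is currently assigned.

set POLICY=Block Inbound HTTP 80
set FLIST=Inbound TCP 80 Filter List

rem 1. Create the policy (it stays unassigned until step 5).
netsh ipsec static add policy name="%POLICY%" description="Drop inbound TCP 80"

rem 2. Filter: any source address and port -> this host, TCP destination port 80.
rem    mirrored=no keeps the filter one-way (inbound only).
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=80 mirrored=no description="Inbound TCP 80"

rem 3. Filter action that drops matching packets.
netsh ipsec static add filteraction name="Block" action=block

rem 4. Rule tying the filter list to the block action inside the policy.
netsh ipsec static add rule name="Block Inbound TCP 80 Rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="Block"

rem 5. Assign the policy so it takes effect.
netsh ipsec static set policy name="%POLICY%" assign=y

rem Verify: show the policy, then confirm 443 is untouched.
rem Port 80 will still be listed as LISTENING; the filter drops traffic to it.
netsh ipsec static show policy name="%POLICY%" level=verbose
netstat -an | find ":80 "
netstat -an | find ":443 "

rem Roll back if anything else stops responding:
rem   netsh ipsec static set policy name="%POLICY%" assign=n
rem   netsh ipsec static delete policy name="%POLICY%"
```

Unlike the "Allow Only" TCP/IP filtering dialog, this matches a single destination port, so other services on the host need no explicit permit entries.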
 
LVL 5

Expert Comment

by:rorybreen
ID: 35191461
btw, I would highly recommend you test this on a Dev/test server before making the changes on your production server in case you block yourself out..

Also make sure you have direct console access (non network) just in case.
0
 
LVL 1

Author Comment

by:jat0369
ID: 35192214
Thanks Rorybreen. Yup. All this is done on my dev environment first. Luckily it's in VMware so I've snapped it beforehand as well. :-)
0
 
LVL 5

Expert Comment

by:rorybreen
ID: 35192347
great ;)..

Just had visions of recommending changes and then you losing RD access to the box. gulp
0
 
LVL 1

Accepted Solution

by:
jat0369 earned 0 total points
ID: 35348505
I couldn't really accomplish what I wanted to do, so I set the listening port to something different. It's not the solution I was looking for, but it will work.
0
 
LVL 1

Author Closing Comment

by:jat0369
ID: 35373149
No answer fully resolved the issue so this fix will have to work
0
