Solved

Unusual port numbers recorded when accessing IIS website through a Reverse Proxy

Posted on 2016-07-21
1
47 Views
Last Modified: 2016-07-21
Hello Experts

A customer of mine has an internal webserver that logs all accesses.  They used to use NAT to allow external access to this webserver and each access was recorded in the IIS logs as coming in on port 443 (correctly).

I have recently deployed an IIS based Reverse Proxy for them (along with DMZ / ASA firewall etc) and now the logs on the internal webserver records the access attempts as coming from the correct customer public IP addresses but on ports other than 443 (see attached image).

Everything seems to be working correctly and the firewall is only allowing 443 access from outside in so I am at a loss at the moment to explain the odd ports in the IIS logs - if anyone can offer a reason for this I would be most grateful.

Thanks.
1.jpg
0
Comment
Question by:Plagus
1 Comment
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 500 total points
ID: 41722994
I feel this is normal behavior. Access from the client source port will be something random with this setup like outbound access through your ASA to external services. If you watch the logs in the ASA you'll see the same situation reporting client source ports with normal destination ports.
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question