Re: Danger to having Port 80 open on hardware firewall
From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 03/22/04
- Next message: AT: "Re: OEM CALS"
- Previous message: Kevin Weilbacher [SBS-MVP]: "Re: Backup server option for SBS"
- In reply to: Kevin Weilbacher [SBS-MVP]: "Re: Danger to having Port 80 open on hardware firewall"
- Next in thread: Kevin Weilbacher [SBS-MVP]: "Re: Danger to having Port 80 open on hardware firewall"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 21 Mar 2004 20:56:51 -0600
Seems to me that if you don't port forward 80, then you are not going to get
the ssl redirection <http <> https>.
;-).
--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !

"Kevin Weilbacher [SBS-MVP]" <kweilbacMVP@gte.net> wrote in message
news:##5rOb7DEHA.3412@TK2MSFTNGP10.phx.gbl...
> I was simply replying to the issue of getting http://fqdn/remote to redirect
> to https://fqdn/remote - and that in my case, as well as the original poster,
> it doesn't just happen "by design" (out of the box). And, Yes, I am running
> ISA.
>
> --
> Kevin Weilbacher [SBS-MVP]
> "The days pass by so quickly now, the nights are seldom long"
>
>
> "Tony Su" <anonymous@discussions.microsoft.com> wrote in message
> news:1130501c40f7d$41708bc0$a101280a@phx.gbl...
> > If you are particularly concerned about HTTP attacks over
> > port 80, consider upgrading to ISA.
> >
> > URL redirections and Port Address Translation isn't going
> > to do much to protect you against HTTP attacks and there
> > are very products out there which can do anything about it.
> >
> > ISA is one product which can, provided you configure
> > properly. Instead of simply forwarding the original
> > content and request, the original request is <terminated>
> > at ISA and never touches the webserver. Mal-formed
> > requests never go any further. Well-formed requests are
> > <re-created> and passed to the webserver on behalf of the
> > original User... but, as I've described even well-formed
> > requests are never passed directly to the webserver.
> >
> > I describe this further in my "Web Publishing Companyweb"
> > recommendation, click on the first link at
> >
> > www.su-networking.com/faq/
> >
> > Tony Su
> >
> > >-----Original Message-----
> > >Thanks to both of you. I will look into both options in the next day or so.
> > >
> > >John
> > >
> > >"Javier Gomez [SBS MVP]" <javier_gomez@remove.this.engineer.com> wrote in
> > >message news:ee5JeQ1DEHA.2652@TK2MSFTNGP10.phx.gbl...
> > >> If your ISP (or whomever is hosting your public DNS records) supports URL
> > >> redirection... you could close port 80 and still keep the convenience of
> > >> using http. I usually redirect http://webmail.domain.com to
> > >> https://mail.domain.com/exchange and so on.
> > >>
> > >> --
> > >> Javier [SBS MVP]
> > >>
> > >> << SBS ROCKS !!! >>
> > >>
> > >> "Steven Banks [SBS MVP]" <steve@newsonline.banksnw.com> wrote in message
> > >> news:OdW2aXxDEHA.548@TK2MSFTNGP10.phx.gbl...
> > >> > John,
> > >> >
> > >> > By design, when you type in http://fqdn/remote it should connect and
> > >> > immediately switch to https://fqdn/remote. Is this happening for you? If
> > >> > not, ensure port 443 is enabled as the SSL port for the default Website and
> > >> > that you have your server's cert showing under the Directory Security
> > >> > Properties of Remote. If it is still not switching to SSL, then re-run the
> > >> > CEICW.
> > >> >
> > >> > To answer your first question, If port 80 is really bugging you, you can
> > >> > always take it out. If your server is patched up to date and running
> > >> > current AV software and is behind your firewall, your exposure on port 80 is
> > >> > a low risk in my opinion. If you don't patch and keep current AV software
> > >> > running, then you'll be hit over port 25 from email based worm/virus attacks
> > >> > long before port 80 becomes an issue most likely.
> > >> >
> > >> > Steve
> > >> >
> > >> > --
> > >> > Banks Consulting Northwest
> > >> > http://www.banksnw.com
> > >> >
> > >> >
> > >> > "John" <jk@rt.com> wrote in message
> > >> > news:OqCdyhwDEHA.2908@TK2MSFTNGP09.phx.gbl...
> > >> > I am running SBS2003 standard with a dual NIC configuration and Linksys
> > >> > firewall. I do NOT have the root setup to publish a website. I have found
> > >> > that if I have port 80 forwarded to my WAN nic I am able to access RWW by
> > >> > typing fqdn/remote instead of https://fqdn/remote. I have closed the port
> > >> > for now but am curious if this is a bad idea just to gain some convenience.
> > >> >
> > >> > TIA
> > >> >
> > >> > John
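
The terminate-and-re-create behaviour described in Tony Su's quoted reply above, as an added sketch that is not part of the original thread and is not ISA Server's implementation. The method and header allowlists, the reject-on-duplicate rule, the `backend_host` parameter and the `sbs.internal` name are assumptions made for illustration.

```python
import re

# Assumed policy for this sketch; not ISA Server's actual rule set.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
FORWARDED = ("accept", "content-length", "content-type", "cookie", "user-agent")
REQUEST_LINE = re.compile(rb"([A-Z]+) (/[\x21-\x7e]*) HTTP/1\.[01]")
HEADER_LINE = re.compile(rb"([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*([\x20-\x7e\t]*)")


class MalformedRequest(ValueError):
    """The client's bytes are not a strict HTTP/1.x request."""


def recreate_request(raw: bytes, backend_host: str) -> bytes:
    """Terminate the client's request here and build a fresh one for the server."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedRequest("no CRLF CRLF header terminator")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m or m.group(1).decode() not in ALLOWED_METHODS:
        raise MalformedRequest("bad request line or method")
    headers = {}
    for line in lines[1:]:
        h = HEADER_LINE.fullmatch(line)  # fails on bare LF, folding, control bytes
        if not h:
            raise MalformedRequest("bad header line")
        name = h.group(1).decode().lower()
        if name in headers:  # strict: a repeated header rejects the whole request
            raise MalformedRequest("duplicate header: " + name)
        headers[name] = h.group(2).decode().strip()
    if "host" not in headers or "transfer-encoding" in headers:
        raise MalformedRequest("missing Host or unsupported Transfer-Encoding")
    length = headers.get("content-length", "0")
    if not length.isdigit() or int(length) != len(body):
        raise MalformedRequest("Content-Length does not match body")
    # The outgoing request is assembled from parsed fields; unlisted headers are dropped.
    out = [f"{m.group(1).decode()} {m.group(2).decode()} HTTP/1.1",
           f"Host: {backend_host}"]
    out += [f"{n.title()}: {headers[n]}" for n in FORWARDED if n in headers]
    out.append("Connection: close")
    return "\r\n".join(out).encode("ascii") + b"\r\n\r\n" + body


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    sample = b"GET /remote HTTP/1.1\r\nHost: fqdn\r\nX-Odd: 1\r\n\r\n"
    print(recreate_request(sample, "sbs.internal").decode())
```

The web server only ever sees bytes produced by the final `join`, which is the property the reply attributes to publishing through a proxy rather than plain port forwarding.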