Re: Danger to having Port 80 open on hardware firewall

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Dave Phillips (davidp_at_country-computing.com.au)
Date: 03/22/04 

Date: Mon, 22 Mar 2004 22:26:52 +1030

The redirection relys on traffic on HTTP (Port 80) hitting SBS/IIS . If port
80 is closed (and that is still a wise idea) then by definition, the traffic
on port 80 HTTP will never hit SBS/IIS so it will never be redirected to
https port 443.
Conclusion - keep port 80 shut, sleep at night and remember to type in
https. Easy
"Kevin Weilbacher [SBS-MVP]" <kweilbacMVP@gte.net> wrote in message
news:uisg2b7DEHA.2088@TK2MSFTNGP10.phx.gbl...
> Yes, I do (Linksys BEFSR41), and no I do not have Port 80 forwarded.
>
> --
> Kevin Weilbacher [SBS-MVP]
> "The days pass by so quickly now, the nights are seldom long"
>
>
> "John" <jk@rt.com> wrote in message
> news:el00LN7DEHA.2408@TK2MSFTNGP10.phx.gbl...
> > I tried rerunning CEICW and the resluts were the same. Kevin, do you
have
> a
> > hardware firewall installed also?
> >
> > John
> >
> >
> >
> > "Kevin Weilbacher [SBS-MVP]" <kweilbacMVP@gte.net> wrote in message
> > news:euM8Yo3DEHA.2088@TK2MSFTNGP10.phx.gbl...
> > > Steven, I have setup two SBS2003 systems, with SSL Certificate
defined,
> > and
> > > neither will allow me to use http://fqdn/remote remotely ... I must
use
> > > https://fqdn/remote
> > >
> > > --
> > > Kevin Weilbacher [SBS-MVP]
> > > "The days pass by so quickly now, the nights are seldom long"
> > >
> > >
> > > "Steven Banks [SBS MVP]" <steve@newsonline.banksnw.com> wrote in
message
> > > news:OdW2aXxDEHA.548@TK2MSFTNGP10.phx.gbl...
> > > > John,
> > > >
> > > > By design, when you type in http://fqdn/remote it should connect and
> > > > immediately switch to https://fqdn/remote. Is this happening for
you?
> > If
> > > > not, ensure port 443 is enabled as the SSL port for the default
> Website
> > > and
> > > > that you have your server's cert showing under the Directory
Security
> > > > Properties of Remote. If it is still not switching to SSL, then
> re-run
> > > the
> > > > CEICW.
> > > >
> > > > To answer your first question, If port 80 is really bugging you, you
> can
> > > > always take it out. If your server is patched up to date and
running
> > > > current AV software and is behind your firewall, your exposure on
port
> > 80
> > > is
> > > > a low risk in my opinion. If you don't patch and keep current AV
> > software
> > > > running, then you'll be hit over port 25 from email based worm/virus
> > > attacks
> > > > long before port 80 becomes an issue most likely.
> > > >
> > > > Steve
> > > >
> > > > --
> > > > Banks Consulting Northwest
> > > > http://www.banksnw.com
> > > >
> > > >
> > > > "John" <jk@rt.com> wrote in message
> > > > news:OqCdyhwDEHA.2908@TK2MSFTNGP09.phx.gbl...
> > > > I am running SBS2003 standard with a dual NIC configuration and
> Linksys
> > > > firewall. I do NOT have the root setup to publish a website. I
have
> > > found
> > > > that if I have port 80 forwarded to my WAN nic I am able to access
RWW
> > by
> > > > typing fqdn/remote instead of https://fqdn/remote. I have closed
the
> > > port
> > > > for now but am curious if this is a bad idea just to gain some
> > > convenience.
> > > >
> > > > TIA
> > > >
> > > > John
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Quantcast