2

(Similar to this question, I know, however the answer was not a solution.)

I freshly installed Apache 2.4 as a service on Windows 7 Professional, and configured it correctly, however it is only accessible from LAN clients if I disable Windows Firewall. (LAN clients time out if Windows Firewall is running). Because the issue is not present when disabling Windows Firewall, I do not presume it is an error in httpd's configuration. Enabling dropped-packet logging with Windows Firewall on leaves me with a blank logfile, which is perplexing to me. If Windows Firewall is indeed blocking/dropping inbound packets to port 80, why would it not log this? Better yet, why would Windows Firewall continue to block the connections despite my firewall rule?

I have implemented an inbound firewall rule with the following options: Action: Allow the connection. Service: Apache2.4. TCP Port: 80. Local IP: Any. Remote IP: Local Subnet. I have verified the rule applies to all network locations. This does not resolve the issue. I do not believe the rule is invalid.

Running netstat -ao yielded the following relevant result with Windows Firewall on or off. 10.0.0.76 is the host I am running httpd on:

Active Connections
Proto  Local Address          Foreign Address        State           PID
TCP    10.0.0.76:80           Traxus-GD65:0          LISTENING       9104

If httpd is indeed working, I should be seeing a LISTEN state on IP 10.0.0.76:80 for PID 9104 (httpd's PID at the time of running the command), and indeed it is there. The Apache server is verified to be functioning correctly, narrowing down the cause of the problem to Windows Firewall.

Here is the output from running netsh advfirewall firewall show rule name="Apache HTTP Server" dir=in:

Rule Name:                            Apache HTTP Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             LocalSubnet
Protocol:                             TCP
LocalPort:                            80
RemotePort:                           All
Edge traversal:                       No
Action:                               Allow
Ok.

Also, here is the relevant output of running netstat /bn with Windows Firewall disabled:

Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.76:80           10.0.0.209:49019       ESTABLISHED
 [httpd.exe]
  TCP    10.0.0.76:80           10.0.0.209:49020       ESTABLISHED
 [httpd.exe]

The 10.0.0.209 address is my LAN client. These two connections only appear when Windows Firewall is disabled, and after I have connected the client.

11
  • Can you please give us a netsh advfirewall firewall show rule name=all dir=in? You can use name=Apache or something if you know the name of your rule.
    – Ryan Ries
    Commented Feb 15, 2016 at 0:45
  • I have added the result to the question.
    – Floofies
    Commented Feb 15, 2016 at 1:03
  • Try changing it to remote port = any.
    – Ryan Ries
    Commented Feb 15, 2016 at 1:06
  • Changing "Remote Port" to "All Ports" was ineffectual.
    – Floofies
    Commented Feb 15, 2016 at 1:14
  • What's the relevant part of the output of netstat /bn? Also check that the PID you found is the real PID of the Apache service.
    – Ben N
    Commented Feb 15, 2016 at 1:22

1 Answer

0

I fixed the problem, but I'm not sure why it worked. I went back and deleted my firewall rules, like I did many times already, and made a new rule for local port 80. Even with the same exact settings as my previous rule, the new one now works. I'm not sure I can put this as a real answer since I do not fully understand the mechanism behind this development. – floofies

I second this solution, and make it into an answer for others' sake. Although I'm quite puzzled as to why it works, indeed just removing the executable path requirement from my rules was enough to enable inbound connections on my Windows 10 machine. Thanks for the hint, floofies!

1
  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Feb 9, 2022 at 10:36
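
Added example, not part of the original question or answers: a netsh sequence, run from an elevated Command Prompt, that lists the Program and Service conditions the default show rule view omits, then recreates the rule scoped only by port, protocol and remote subnet as the posts above describe. "Apache HTTP Server" is the rule name from the question; "Apache HTTP port 80" is a constructed name for the replacement rule.

```bat
@echo off
rem Added example, not from the original posts. Run as Administrator.
rem "Apache HTTP Server" is the rule name shown in the question.
rem "Apache HTTP port 80" is a constructed name for the replacement rule.

rem 1. Show the existing rule in verbose form. Unlike the default output
rem    quoted in the question, verbose output also lists the Program and
rem    Service fields, which narrow the rule to one executable or service.
netsh advfirewall firewall show rule name="Apache HTTP Server" dir=in verbose

rem 2. Enable dropped-connection logging on all profiles so that blocked
rem    packets are recorded while the client retries the connection.
netsh advfirewall set allprofiles logging droppedconnections enable

rem 3. Delete the old rule and create one with no program or service
rem    condition: TCP port 80, inbound, local subnet only, all profiles.
netsh advfirewall firewall delete rule name="Apache HTTP Server" dir=in
netsh advfirewall firewall add rule name="Apache HTTP port 80" dir=in action=allow protocol=TCP localport=80 remoteip=localsubnet profile=any

rem 4. Confirm the new rule: Program and Service should no longer name
rem    a specific executable or service.
netsh advfirewall firewall show rule name="Apache HTTP port 80" dir=in verbose
```

A rule with no program or service condition admits traffic to whatever process is listening on port 80, so the RemoteIP restriction to the local subnet is the only scoping left on it.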
