
My goal is to restrict all inbound HTTP requests to specific IP addresses. I thought it would be a simple process, but I am not getting the desired result.

I have modified a predefined rule called WWW (HTTP Traffic-In) so that it "Blocks" the incoming connection (and made sure that this inbound rule's Scope applies to the currently active Profile).

I did not, at this stage, specify allowable IPs, as I want to see if the rule would block ALL inbound HTTP traffic.

In the Private Profile (which is the active profile) I have these settings:
- Firewall state: On
- Inbound connections: Allow
- Outbound connections: Block

The Windows Firewall Overview page shows:
- Private Profile is Active
- Inbound connections that do not match a rule are allowed
- Outbound connections that do not match a rule are blocked

However, the firewall rule still allowed inbound HTTP traffic, and my Windows 2008 server still responded with a test page.

I know it should be a simple task to set up a firewall rule, but perhaps I am missing something?


1 Answer


This can be done with TWO rules, not just one, since, as far as I know, the rules list is read from the top (the first rule in the list) to the end, and the order of the rules in the list is important.

Ref.: TechNet: Order of Windows Firewall with Advanced Security Rules Evaluation

The first rule you have to create must allow all the IP addresses you want to authorize on remote port 80.

The second rule must block all other incoming TCP packets from remote port 80 (HTTP).

The first rule will inspect incoming TCP packets: if they are from remote port 80 in TCP AND correspond to the IP addresses you want to allow, they will be allowed. The packet MUST match all specifications of that rule to be allowed. If not, the next rule will check the incoming packets.

If the incoming TCP packets do not match all criteria of the first rule, then the second rule will check whether the TCP packets are from remote port 80, to block all of them but not the other TCP packets (on remote ports other than 80), since you want to block HTTP not in your IP address list and not all other TCP packets...

  • @harrymc: Read the question. The asker (for no clear reason) decided to swap the default rules for inbound and outbound: inbound is now allow-by-default (and outbound is block-by-default, which is reasonable on a server but not the default out of the box).
    – CBHacking
    Commented Jan 18, 2017 at 9:56
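An added example, not from the question or the answer, of restricting inbound HTTP to trusted addresses with netsh advfirewall, which is available on Windows Server 2008. It restores the default-deny inbound policy that CBHacking's comment notes was changed, then adds a single allow rule scoped to the permitted addresses; the rule name and the addresses 192.0.2.10 and 198.51.100.0/24 are constructed placeholders.

```batch
@echo off
:: Added example (not the asker's or answerer's configuration). Run from an
:: elevated command prompt on the server whose HTTP listener should be restricted.
:: 192.0.2.10 and 198.51.100.0/24 are constructed placeholder addresses; replace
:: them with the hosts or networks that are actually allowed to reach the site.

:: 1. Put the active (Private) profile back to default-deny for inbound traffic.
::    With "Inbound connections: Allow", any packet that matches no rule is let in,
::    so an allow rule alone cannot restrict anything.
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound

:: 2. One allow rule scoped to the trusted sources. Inbound HTTP arrives on the
::    server's LOCAL port 80; the client's source (remote) port is ephemeral, so the
::    rule filters on localport and leaves remoteport unrestricted.
::    Do not add a blanket block rule for port 80 alongside this: Windows Firewall
::    with Advanced Security evaluates block rules before allow rules regardless of
::    their position in the list, so it would block the trusted hosts as well.
netsh advfirewall firewall add rule name="HTTP-In from trusted hosts" dir=in action=allow protocol=TCP localport=80 remoteip=192.0.2.10,198.51.100.0/24 profile=private

:: 3. Verify: "Firewall Policy" must read BlockInbound,AllowOutbound, and the new
::    rule must show Enabled: Yes with the intended RemoteIP list.
netsh advfirewall show privateprofile
netsh advfirewall firewall show rule name="HTTP-In from trusted hosts"
```

After applying it, also review the other enabled inbound rules (netsh advfirewall firewall show rule name=all dir=in) for any predefined rule that still allows local port 80 from any address, since such a rule would reopen the port.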

