Tips for enabling ports or running programs on windows server and server

Tips for enabling ports or running programs on windows server and server

Background: When an application, such as an http application, is deployed on a windows server, when the Internet accesses a webpage through the http protocol, the server must be allowed to access the website, the webpage content can be normally displayed in the visitor's browser. Otherwise, the webpage cannot be displayed normally. The results are similar to the following:

So how can we establish inbound rules for normal webpage access?

Generally, when testing a website, we disable the windows Firewall. After all, disabling the Firewall makes access impossible. As shown in:

When we officially deploy a website, windows Firewall should be enabled, and only some access rules can be set to make programs and webpages accessible normally.

Setting access rules is simple. In "Control Panel \ Windows Firewall \ Advanced Settings", add inbound rules. (This example uses windows server 2008 R2 as an example.)

Select one path by default. Next step. The program and port of the server can be normally accessed from outside.

To enable the system port of windows server 2003, for example, to enable port 8001

(1) set Windows 2003 system firewall

The firewall provided by Windows 2003 is called the Internet Connection Firewall. It allows secure network communication to access the network through the firewall and rejects insecure communication to protect the network from external threats. Internet Connection Firewall is only available in Windows Server 2003 Standard Edition and 32-bit Windows Server 2003 Enterprise Edition.

On a Windows 2003 Server, enable firewall for computers that are directly connected to the Internet, and support network adapter, DSL adapter, or dial-up Modem connection to the Internet.

Windows 2003 Internet Connection Firewall can manage Service ports, such as HTTP port 80 and FTP port 21. As long as the system provides these services, Internet Connection Firewall can monitor and manage these ports.

Set system firewall

1. Right-click the "local connection" icon in the lower right corner of the desktop and click the "status" option.

2. In the "local connection status" dialog box, click "properties.

3. In the pop-up "Local Connection Properties" dialog box, click the "advanced" tab.

4. The firewall startup/stop interface appears. Enable Internet Connection Firewall, select the "Protect my computer and network by limiting or blocking access from the Internet" check box, and click "set.

5. On the service tab in the "Advanced Settings" dialog box that appears, set the WAF Web service and select the "Web Server (HTTP)" option.

6. Click OK. After the configuration, the network user will not be able to access other network services provided by the server except the Web service.

Note: You can select multiple services based on the services provided by the Windows 2003 Server. Standard service systems are already preset in the system. You only need to select the appropriate options. If the server also provides non-standard services, the Administrator must manually add them.

7. Add service settings and click Add.

8. In the "add service" dialog box, enter the service description, IP address, and port number used by the Service, and select the protocol used (Web services use the TCP protocol, to set non-standard services.

9. Set firewall security log settings. In the "Advanced Settings" dialog box, select the "security logs" tab. In the "Security Log Settings" dialog box, select the project to be recorded, the firewall records the corresponding data. The default log file path is C: WindowsPfirewall. log, which can be opened in notepad. The generated security logs are in W3C extended Log File Format and can be viewed and analyzed using common log analysis tools.

Note: It is necessary to establish security logs. When server security is threatened, logs can provide reliable evidence.

10. Summary of Internet Connection Firewall

The Internet Connection Firewall can effectively intercept illegal intrusion into Windows 2003 servers, prevent illegal remote hosts from scanning the servers, and thus improve the security of Windows 2003 servers. At the same time, it can effectively intercept port attacks by using operating system vulnerabilities, such as shock waves and other worms. If you enable this firewall function on a vro constructed with Windows 2003, it can protect the entire internal network.

Important:
Step 7: add service settings
Open the "advanced" tab in the local connection and click the "Settings" button. The "Advanced Settings" dialog box is displayed, as shown in the following figure --

Click "add". The following dialog box is displayed. Enter the following information:
Service Description: tomcat server
IP Address: real address
External port: 8001 internal port: blank
Save OK
Complete the above two steps, and then enter the remaining full text on other connected machines>

On windows server 2008, how does one disable some ports or only open some ports?

In windows server 2008, there is an advanced firewall in the control panel, if you want to completely shield some ports, it will be completely forbidden in the out-stack and In-stack rules. If you want some ports to be allowed only when they do not enter the stack, the out-stack is forbidden. Otherwise, you can