Saturday, June 2, 2012

Opening a port in Comodo Firewall

If you have a Windows server and it is not possible (or desirable) to set up a standard firewall, you can look at free, proven solutions. One of them is Comodo Firewall: it's free, secure, and proven. In this article I'll describe how to secure your server using Comodo Firewall by closing all ports except 80.

You can download the firewall from the official Comodo website. After installation, the firewall automatically closes all ports, so if your only access to the server is over RDP, you will not be able to log in, because the RDP port will be closed as well. Be careful and plan the installation and every step in advance; you need to know which ports must stay open.

For example, suppose the task is to close all ports except 80. This port is typically the default port for a website. Let Apache listen on it, as is often the case. We therefore need to make Apache reachable from outside so that users can visit the site hosted on the server.

Comodo Firewall has several types of rules: global rules, which apply to the whole server, and application rules, which apply to specific applications. You can open port 80 for the whole server but prohibit a specific application from using it, or allow only selected applications such as Apache to use it, as in this case.

To edit the rules, go to Firewall > Network Security Policy. This opens a window whose first tab is Application Rules, where application rules are configured.

Click the Add button to add the Apache application. In the Network Access Rules area, choose Use Custom Policy, then press Add to add the rule.

It is important to set the Destination Port to 80. The other settings are self-explanatory and can be left at their defaults. After creating the rule for the application, go to the Global Rules tab.

There is already a set of rules there, one of which prohibits all connections. The rules are processed from top to bottom, so the rule that permits port 80 for the server must be placed above the main prohibiting rule. If you create it below, it would be pointless.
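The ordering problem described above can be checked mechanically. The following is an added example, not part of the original article and not Comodo's own engine or configuration format: a simplified Python model that assumes the first matching rule decides, that rules match on destination port only, and that traffic must be allowed by both the global rules and the application rules. The rule names and the `Rule` class are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard: the rule matches every destination port

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    port: Optional[int]   # destination port, or ANY
    name: str = ""        # hypothetical label, for reporting only

    def matches(self, port: int) -> bool:
        return self.port is ANY or self.port == port

def decide(rules, port, default="block"):
    """Walk the list top to bottom; the first matching rule decides (assumed model)."""
    for rule in rules:
        if rule.matches(port):
            return rule.action, rule
    return default, None

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the rule can never fire."""
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            # An earlier wildcard, or an earlier rule for the same port, wins first.
            if earlier.port is ANY or earlier.port == rule.port:
                dead.append((rule, earlier))
                break
    return dead

def inbound_allowed(global_rules, app_rules, port):
    """Traffic reaches the application only if both rule sets allow it."""
    return (decide(global_rules, port)[0] == "allow"
            and decide(app_rules, port)[0] == "allow")

# Constructed sample rule sets mirroring the article's scenario.
BLOCK_ALL = Rule("block", ANY, "Block all connections")
ALLOW_80 = Rule("allow", 80, "Allow port 80")
GLOBAL_WRONG = [BLOCK_ALL, ALLOW_80]   # allow rule placed below the block rule
GLOBAL_RIGHT = [ALLOW_80, BLOCK_ALL]   # allow rule placed above the block rule
APACHE_RULES = [Rule("allow", 80, "Apache: destination port 80")]

if __name__ == "__main__":
    for label, rules in (("wrong order", GLOBAL_WRONG), ("right order", GLOBAL_RIGHT)):
        print(label, "-> port 80 allowed:", inbound_allowed(rules, APACHE_RULES, 80))
        for rule, by in shadowed(rules):
            print(f"  '{rule.name}' never fires; shadowed by '{by.name}'")
```

With the wrong order the model reports the port 80 rule as shadowed by the block-all rule; with the right order nothing is shadowed and every port other than 80 still falls through to the block rule.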

After these operations (creating the application rule and the global rule) it will be possible to visit the site via port 80. You can configure any other ports and applications in the same way. Comodo Firewall is very flexible; for example, you can restrict access by MAC address.
