Creating Essential Web Server Rules

2 min read Web Security Fundamentals

Creating Essential Web Server Rules

Web servers require specific inbound rules to function properly while maintaining security. Creating these rules correctly ensures accessibility for legitimate users while blocking potential threats.

Create rules for HTTP and HTTPS traffic:

# Allow HTTP (port 80)
netsh advfirewall firewall add rule name="Web Server HTTP" dir=in action=allow protocol=TCP localport=80

# Allow HTTPS (port 443)
netsh advfirewall firewall add rule name="Web Server HTTPS" dir=in action=allow protocol=TCP localport=443

# Alternative using PowerShell cmdlets
New-NetFirewallRule -DisplayName "Web Server HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
New-NetFirewallRule -DisplayName "Web Server HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow

Implement more sophisticated rules with additional conditions:

# Allow HTTPS only from specific subnet
New-NetFirewallRule -DisplayName "HTTPS from Corporate Network" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 443 `
    -RemoteAddress 10.0.0.0/8 `
    -Action Allow

# Rate limiting for HTTP/HTTPS
New-NetFirewallRule -DisplayName "Web Server HTTP Rate Limited" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 80 `
    -Action Allow `
    -EdgeTraversalPolicy DeferToApp `
    -LocalOnlyMapping $false

Configure rules for specific web applications:

# IIS Management
New-NetFirewallRule -DisplayName "IIS Management" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 8172 `
    -RemoteAddress 10.1.1.0/24 `
    -Action Allow `
    -Program "%systemdrive%\Windows\System32\inetsrv\w3wp.exe"

# Allow Web Deploy
New-NetFirewallRule -DisplayName "Web Deploy" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 8172 `
    -Action Allow `
    -Service MsDepSvc