IWSVA can restrict the destination server ports to which clients can connect. HTTP
requests to a denied port are not forwarded. This approach can lock down your server:
by denying access to the ports that services such as streaming media applications use,
it prevents clients from using services that contravene your network’s security
policies.
The default post-install configuration is to deny all requests, except for those to
ports 80 (HTTP), 70 (Gopher), 210 (TCP), 21 (FTP), 443 (SSL), 563 (NNTPS) and 1025
to 65535.
Note: To enable FTP over HTTP connections so that clients can open FTP links in Web
pages, IWSVA must be able to open a command connection to the FTP server on port 21.
This requires allowing access to port 21 in the HTTP access control settings.
HTTP > Configuration > Access Control Settings | Destination Ports
- Select HTTP > Configuration > Access Control Settings from the main menu.
- Ensure that the Destination Ports tab is activated.
- Choose the Action to perform. Choose Deny to prevent connections to a specific port or port range on a destination server,
  or Allow to permit connections to a specific port or port range.
- Check either Port or Port Range and then enter the corresponding port(s).
- Type a descriptive name in the Description field. (40 characters maximum)
- Click Add. The destination port restrictions are added to the list at the bottom of the Destination Ports tab.
- To delete a destination port or port range to which you allow or deny access, click
  the Delete icon next to it.
- Access control settings are evaluated according to the order they appear in the list
  at the bottom of the Destination Ports tab.
- To change the order that ports appear in the list, click the up or down arrows in
  the Evaluation Order column.
- Click Save.
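Because entries are evaluated in list order, the position of a new Deny entry relative to the default 1025 to 65535 range determines whether it has any effect. The following added example (not Trend Micro code) models the list in Python, assuming that the first matching entry decides and that any unmatched port is denied; the Rule type, the function names, the "High ports" description and the RTMP port 1935 scenario are constructed for illustration.

```python
# Added example: models an ordered destination-port list. Not IWSVA code.
# Assumption: the first matching entry decides; unmatched ports are denied.
from typing import NamedTuple

class Rule(NamedTuple):
    action: str        # "allow" or "deny"
    low: int           # first port of the range
    high: int          # last port (equal to low for a single port)
    description: str   # the UI limits this to 40 characters

# Default post-install allow list as stated on this page.
DEFAULT_RULES = [
    Rule("allow", 80, 80, "HTTP"),
    Rule("allow", 70, 70, "Gopher"),
    Rule("allow", 210, 210, "TCP"),
    Rule("allow", 21, 21, "FTP"),
    Rule("allow", 443, 443, "SSL"),
    Rule("allow", 563, 563, "NNTPS"),
    Rule("allow", 1025, 65535, "High ports"),
]

def decide(rules, port):
    """Return the action of the first rule covering port, else 'deny'."""
    for rule in rules:
        if rule.low <= port <= rule.high:
            return rule.action
    return "deny"

def shadowed(rules):
    """Return rules that can never decide a port because earlier rules
    already cover every port in their range."""
    dead = []
    for i, rule in enumerate(rules):
        covered = set()
        for earlier in rules[:i]:
            covered.update(range(max(rule.low, earlier.low),
                                 min(rule.high, earlier.high) + 1))
        if len(covered) == rule.high - rule.low + 1:
            dead.append(rule)
    return dead

# Constructed scenario: block RTMP streaming (TCP 1935).
RTMP_DENY = Rule("deny", 1935, 1935, "Block RTMP streaming")
appended = DEFAULT_RULES + [RTMP_DENY]       # entry added at the bottom
reordered = [RTMP_DENY] + DEFAULT_RULES      # entry moved to the top
```

Under these assumptions, the appended entry is reported as shadowed and port 1935 stays reachable until the entry is moved above the 1025 to 65535 range.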