none
Windows 2016 Firewall Blocks Port 80 for Web Application Proxy RRS feed

  • Question

  • I have a freshly installed Web Application Proxy on Windows 2016.  I've tried two separate installations.

    I have published an http application and also an https application with http->https redirect in place.  There is no rule in the firewall allowing port 80 connections to the machine.  If I disable the firewall, I can make connections.

    What am I doing wrong?

    Tuesday, October 8, 2019 6:45 PM

All replies

  • It seems like you are right. There is no rule by default. But you can create one instead of disabling the firewall all together.

    New-NetFirewallRule -DisplayName "Allow 80 to 443 redirection" -Name "80to443redirect" -Action Allow -Direction Inbound -Protocol TCP -LocalPort 80


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, October 11, 2019 10:18 PM
    Owner
  • It seems like you are right. There is no rule by default. But you can create one instead of disabling the firewall all together.

    New-NetFirewallRule -DisplayName "Allow 80 to 443 redirection" -Name "80to443redirect" -Action Allow -Direction Inbound -Protocol TCP -LocalPort 80


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    So I didn't reply back right away because this sort of seems like something that couldn't get past Microsoft testing?  Surely my install procedure must be incomplete?

    The new functionality for WAP 2016 was that it could perform HTTP proxying.  How did it make it to release without opening the firewall port?  I mean there is a checkbox on app deploy to redirect from HTTP to HTTPS.  This doesn't work with port 80 being closed...

    Manually opening the port is obviously a way to allow HTTP traffic, and I did that, but it must be the "wrong way"?

    Friday, October 18, 2019 3:22 PM
  • Fair expectation. The feature is not enabled by default though. So it is really at the discretion of the administrator to open it in an ad-hoc manner. I'll update the documentation to reflect this.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, October 23, 2019 1:50 AM
    Owner