Open ports for Web Apps
Question
Howdy there. An Azure Web App of ours recently underwent penetration testing and a number of ports were found to be open that we didn't expect. These included:
443, 454, 455, 1221, 4016, 4018 and 4020
Does anyone know:
(1) why these are open and what they are used for?
(2) whether we can close them - I recall the answer to this question is "no" but I thought I'd ask just in case.
Any assistance or guidance to useful data much appreciated.
Mark
Answers
Hello Mark,
You cannot close these ports as Azure Web Apps are a multi-tenant environment by design.
Description of these ports is available e.g. on https://azure.microsoft.com/en-us/documentation/articles/app-service-app-service-surround-command-inbound-traffic/ (in case of App Service Environment you can actually block some of them at the VNET level):
- 454: Required port used by Azure infrastructure for managing and maintaining App Service Environments. Do not block traffic to this port.
- 455: Required port used by Azure infrastructure for managing and maintaining App Service Environments. Do not block traffic to this port.
- 80: Default port for inbound HTTP traffic to apps running in App Service Plans in an App Service Environment
- 443: Default port for inbound SSL traffic to apps running in App Service Plans in an App Service Environment
- 21: Command channel for FTP. This port can be safely blocked if FTP is not being used.
- 10001-10020: Data channels for FTP. As with the control channel, these ports can be safely blocked if FTP is not being used (Note: the FTP data channels may change during preview.)
- 4016: Used for remote debugging with Visual Studio 2012. This port can be safely blocked if the feature is not being used.
- 4018: Used for remote debugging with Visual Studio 2013. This port can be safely blocked if the feature is not being used.
- 4020: Used for remote debugging with Visual Studio 2015. This port can be safely blocked if the feature is not being used.
- 4022: Used for remote debugging with Visual Studio 2017. This port can be safely blocked if the feature is not being used.
- 8172 (including this one to document all possible ports which can be seen with App Service): Port used for WebDeploy service (protocol used by Visual Studio for publishing sites)
- 7654 (including this one to document all possible ports which can be seen with App Service): Metadata endpoint used by the internal service (does not take any input, only returns an IP address).
Hope this helps.
Cheers,
Petr
- Marked as answer by Tuesday, July 28, 2015 2:17 PM
- Edited by Petr.Podhorsky Microsoft employee Thursday, July 5, 2018 5:36 PM
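One way to triage scan findings like those in the question against the port list in the answer, as an added example that is not part of the original thread. It assumes the scan was saved in nmap's grepable (`-oG`) format; the sample scan, its address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Port roles exactly as described in the answer above:
# required = do not block, app = site traffic,
# optional = safe to block if the feature is unused, info = documented only.
DOCUMENTED = [
    (range(454, 456), "required", "Azure infrastructure management"),
    (range(80, 81), "app", "inbound HTTP"),
    (range(443, 444), "app", "inbound SSL"),
    (range(21, 22), "optional", "FTP command channel"),
    (range(10001, 10021), "optional", "FTP data channels"),
    (range(4016, 4017), "optional", "remote debugging, Visual Studio 2012"),
    (range(4018, 4019), "optional", "remote debugging, Visual Studio 2013"),
    (range(4020, 4021), "optional", "remote debugging, Visual Studio 2015"),
    (range(4022, 4023), "optional", "remote debugging, Visual Studio 2017"),
    (range(8172, 8173), "info", "WebDeploy service"),
    (range(7654, 7655), "info", "internal metadata endpoint"),
]

# Constructed sample scan (documentation address), ports taken from the question.
SAMPLE_SCAN = (
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, 454/open/tcp/////, "
    "455/open/tcp/////, 1221/open/tcp/////, 4016/open/tcp/////, "
    "4018/open/tcp/////, 4020/open/tcp/////, 8080/closed/tcp/////\n"
)
PORT_RE = re.compile(r"(\d+)/open/tcp/")

def open_tcp_ports(grepable):
    """Return the sorted open TCP ports found in nmap -oG output."""
    ports = set()
    for line in grepable.splitlines():
        if "Ports:" in line:
            ports.update(int(p) for p in PORT_RE.findall(line.split("Ports:", 1)[1]))
    return sorted(ports)

def triage(ports):
    """Group ports by documented role; anything unlisted needs follow-up."""
    result = defaultdict(list)
    for port in ports:
        for rng, category, purpose in DOCUMENTED:
            if port in rng:
                result[category].append((port, purpose))
                break
        else:  # no documented range matched this port
            result["undocumented"].append((port, "not in the answer's list"))
    return dict(result)

if __name__ == "__main__":
    for category, items in triage(open_tcp_ports(SAMPLE_SCAN)).items():
        print(category, items)
```

Run against the ports from the question, 1221 is the only finding that lands in the `undocumented` group, since the answer's list does not describe it.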
Source: https://social.msdn.microsoft.com/Forums/en-US/c9bcfc43-b962-47ef-a856-36bf5f9e9bdd/open-ports-for-web-apps
Posted by: coverwrig1986.blogspot.com