How to configure Windows Firewall to allow all ports in use by IIS Express

windows-7 windows networking firewall
7,915

There are a couple problems you're running into here. One is that iisexpress.exe isn't actually the process responsible for listening to HTTP traffic. That functionality is implemented in http.sys as a kernel-mode part of the Windows networking stack. (This was done for performance reasons. For more information, see Introduction to IIS Architectures.) Therefore, creating a rule for iisexpress.exe won't do anything.

Secondly, http.sys by default doesn't allow programs running as non-admins listen to other computers. According to Serving External Traffic with WebMatrix, you need to run this command in an administrative command prompt to allow all users to listen to other machines via http.sys:

netsh http add urlacl url=http://MACHNAME:PORT/ user=everyone

Replace MACHNAME with the hostname that will be used to contact the site and PORT with the traffic's port. I have read that using * instead of a specific hostname lets it listen on all names/interfaces, but I have not personally tested that, and some documentation uses + instead. Either way, once you've set the ACL, you can then create an inbound firewall rule for the port.

Further reading: Configuring HTTP and HTTPS.

Side comment: There's an actual environment variable that points to the 32-bit version of Program Files: %PROGRAMFILES(X86)%. (The path wasn't your problem, though.)

Share:
7,915

Related videos on Youtube

user1039855
Author by

user1039855

Updated on September 18, 2022

Comments

  • user1039855
    user1039855 over 1 year

    My understanding of this technet article, per the page that brought me there*, is that I can configure the Windows Firewall to allow all inbound traffic on any port being used by a specified executable.

    I realize the defacto answer is likely to be "Don't do this", so please understand; I'm running Visual Studio and IIS Express inside a virtual machine, and want to be able to connect from the host OS for testing purposes, and thus not really concerned with the security implications of opening all ports being used by IIS Express.

    I created an inbound rule with Program set to %ProgramFiles% (x86)\IIS Express\iisexpress.exe, which is the executable running according to the task manager. All other rule specs are left empty (any local address, any remote address, and local port, any remote port, "any" allowed users, "any" allowed computers). Yet, the connection only works if I have a rule for the specific port being served up by IIS Express.

    Since it would make my life easier (and largely on principle since technet says it should work), I'd rather not have to add a firewall rule for each app I create.

    * Task "Create a rule that allows a program to listen for and accept inbound network traffic on any ports it requires."

    • Abraxas
      Abraxas over 9 years
      Since you mentioned security not being a concern is there any issue with opening all ports?
    • kodybrown
      kodybrown about 8 years
      Just turn off the firewall in the guest operating system.. :-) I always disable everything I can in my guest OSes..

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why Windows Firewall does not block outgoing traffic?
Possible to find out what's using javaw.exe to connect outside the network?
How to quickly Enable/Disable Internet Traffic so that it ONLY goes to ONE program?
How can I restrict windows 7 to only use the local subnet, but block the internet
How to block all traffic but one IP in Windows Firewall?
Windows firewall blocks remote desktop with custom port
How to display all accessible domains on Windows 7?
TCP/IP Forwarding in Windows Vista and Above
Unable to connect to windows shares without restart
Windows 7 can't connect via ethernet to Airport Extreme