How to: Restrict HTTP and HTTPS Traffic into a Zone to a Specific Port

  • Article

By writing a user-defined constraint on a zone endpoint, you can restrict which ports allow HTTP and HTTPS traffic to enter the zone. You can write constraints for other protocols using the System Definition Model (SDM) Software Development Kit (SDK), which includes a sample for an FTP protocol constraint. For more information, visit the System Definition Model (SDM) SDK Workshop online.

To restrict HTTP traffic to a specific port

  1. Add a zone to a logical datacenter diagram.

  2. On the zone, select the inbound zone endpoint and choose Settings and Constraints from the Diagram menu.

    The Settings and Constraints Editor appears.

  3. In the left pane of the editor, select the WebSiteEndpoint check box.

  4. Under the WebSiteEndpoint node, select the User Defined check box.

  5. Under the User Defined node, select the WebSite check box.

  6. Select the WebSite node and in the right pane of the editor, expand the Identity section.

  7. In the Identity section, select the ServerBindings check box.

  8. In the Operator column, choose Contains All.

  9. In the Value column, click the ellipsis () button.

    The ComplexSetting Collection Editor appears.

  10. Click Add.

  11. In the right pane, enter 80 for the Port setting.

    This restricts HTTP traffic over this inbound zone endpoint to Port 80 only.

    Tip

    To enable HTTP or HTTPS traffic over multiple ports, choose Contains One in the Operator column and specify more than one port. If you want to prevent HTTP or HTTPS traffic over specific ports, choose Contains None and specify one or more ports.

The next procedure explains how to constrain HTTPS traffic to a specific port.

To restrict HTTPS traffic to a specific port

  1. Add a zone to a logical datacenter diagram

  2. On the zone, select the inbound zone endpoint and choose Settings and Constraints from the Diagram menu.

    The Settings and Constraints Editor appears.

  3. In the left pane of the editor, select the WebSiteEndpoint check box.

  4. Under the WebSiteEndpoint node, select the User Defined check box.

  5. Under the User Defined node, select the WebSite check box.

  6. Select the WebSite node and in the right pane of the editor, expand the Authentication section.

  7. In the Authentication section, select the SecureBindings check box.

  8. In the Operator column, choose Contains All.

  9. In the Value column, click the ellipsis () button.

    The ComplexSetting Collection Editor appears.

  10. Click Add.

  11. In the right pane, enter 443 for the Port setting. Leave the IPAddress setting blank.

    This restricts HTTP traffic over this inbound zone endpoint to Port 443 only.

See Also

Other Resources

Common Application, System and Logical Server Configuration Tasks