https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140742#M26978 <P>As above if you provide something a little less generic we will probably be better able to guide you.</P> <P>Not withstanding to get the best out of the available gateway controls HTTPS inspection will be a factor.</P> Mon, 07 Feb 2022 09:15:27 GMT Chris_Atkinson 2022-02-07T09:15:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140716#M26975 <P>I have a web-site facing to public.</P><P>3 ports are open in Security Policy: 80/tcp, 443/tcp, 53/udp.</P><P>I have redirection on web server from 80 to 443, that is ok.</P><P>But there are some scans and potential script executions on port 80.</P><P>Firewall shows that scripts as accepted.</P><P>IPS is enabled.</P><P>&nbsp;</P><P>How to protect port 80? Or is it possible redirect port 80 to 443 on firewall level?</P><P>Any valuable advices are appreciated.</P><P>Thanks!</P> Mon, 07 Feb 2022 05:47:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140716#M26975 Network_M 2022-02-07T05:47:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140735#M26976 <P>Plenty of options here depending on what you're trying to achieve including separate offerings such as&nbsp;<A href="https://www.checkpoint.com/cloudguard/appsec/" target="_self">AppSec</A>.</P> <P>With that said <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/687">@Danny</a>&nbsp; provided some examples previously on things like blocking IoT Scanners / TOR Exit nodes / Geolocation Policy, refer:</P> <P><A href="https://community.checkpoint.com/t5/Management/HowTo-Block-IoT-scanners-like-Shodan-Censys-Shadowserver-PAN/m-p/124612" target="_blank">https://community.checkpoint.com/t5/Management/HowTo-Block-IoT-scanners-like-Shodan-Censys-Shadowserver-PAN/m-p/124612</A>&nbsp;</P> <P>&nbsp;</P> Mon, 07 Feb 2022 08:41:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140735#M26976 Chris_Atkinson 2022-02-07T08:41:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140741#M26977 <P>Thank you, but there are so many scanners in the internet, even scriptkiddies can execute scripts.</P><P>It will not be solution I think.</P> Mon, 07 Feb 2022 09:08:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140741#M26977 Network_M 2022-02-07T09:08:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140742#M26978 <P>As above if you provide something a little less generic we will probably be better able to guide you.</P> <P>Not withstanding to get the best out of the available gateway controls HTTPS inspection will be a factor.</P> Mon, 07 Feb 2022 09:15:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140742#M26978 Chris_Atkinson 2022-02-07T09:15:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140757#M26979 <P>Can HTTPS inspection control port 80? It is not encrypted port.</P> Mon, 07 Feb 2022 12:01:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Protection-of-port-80/m-p/140757#M26979 Network_M 2022-02-07T12:01:15Z