How to restrict access to your server through Windows Firewall

To improve the security of your server, and improve performance slightly, you may want to consider limiting access through port restrictions. This keeps external brute-force attempts from reaching your server; such attempts could lead to security breaches, additional storage usage from the logged events, and additional CPU usage from processing the requests.
 
Normally, you could use Windows Firewall and simply restrict the Allow rule to only allow connections from certain IP addresses. However, because of how Plesk interacts with the firewall, it is necessary to create a separate Block rule that restricts all other ranges instead. If you attempt to modify the Allow rule, you may find that the rule gets reset after some time.
 
This should be performed with caution, because it is possible to lock yourself out of the server.
 
When you are ready, just follow these steps:
 
  1. Log in to your server through Remote Desktop
  2. Open Windows Firewall with Advanced Security from the start menu
  3. Go to Inbound Rules
  4. Click New Rule... on the right column
  5. Click Port then Next
  6. Add the ports that you wish to block or restrict access to then click Next
  7. Leave this on Allow for now and click Next
  8. Ensure that all three boxes are checked, then click Next
  9. Create a name for this rule, such as "Restrict RDP", then click Finish
  10. Find your rule in the list, right-click it and click Properties
  11. Go to the Scope tab
  12. In the bottom pane (Remote IP address), switch to These IP Addresses:
  13. Add all of the ranges which should not be able to access your server on the specified ports
  14. Ensure that Managed.com's office ranges are not blocked by your rules, otherwise we will have difficulty assisting you on support tickets:
    1. 70.34.32.1 - 70.34.37.255
    2. 70.34.38.1 - 70.34.39.254
    3. 208.88.72.32 - 208.88.73.255
    4. 208.88.74.1 - 208.88.74.255
    5. 208.88.75.1 - 208.88.78.255
    6. 208.88.79.1 - 208.88.79.255
  15. Double check that no important IP addresses will be blocked.
  16. Go back to the General tab and change the Action to Block the connection
  17. Click OK.

You can now try accessing from a different location, such as a smartphone (after disconnecting it from WiFi) to ensure that traffic is being blocked properly.
 
If you have any questions, feel free to contact a member of our 24/7 support team through a ticket or phone call!
 
All our ranges covered in these rules:
0 - 70.34.32.0
70.34.48.0 - 198.55.239.255
198.56.0.0 - 199.241.152.0
199.241.160.0 - 208.88.72.31
208.88.80.0 - 212.84.80.0
212.84.83.255 - 255.255.255.255
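
The double check in step 15 can be scripted before the rule is switched to Block in step 16. The following PowerShell is an added example, not part of the original article or Managed.com's tooling: it compares the block ranges listed above with the office ranges from step 14. The function names, the 203.0.113.10 "admin" address (constructed, from a documentation range) and the reading of the first block entry "0" as 0.0.0.0 are assumptions.

```powershell
# Convert a dotted IPv4 address to a number so ranges can be compared.
function ConvertTo-IPv4Number([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip.Trim()).GetAddressBytes()
    [uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3]
}

# Accepts "a.b.c.d - e.f.g.h" or a single address.
function ConvertTo-Range([string]$Text) {
    $p = @($Text -split '-')
    [pscustomobject]@{
        Text = $Text
        Lo   = ConvertTo-IPv4Number $p[0]
        Hi   = ConvertTo-IPv4Number $p[-1]
    }
}

# Return every "keep" entry that overlaps a block range.
function Find-ScopeConflict([string[]]$Block, [string[]]$Keep) {
    $blockRanges = @($Block | ForEach-Object { ConvertTo-Range $_ })
    $keepRanges  = @($Keep  | ForEach-Object { ConvertTo-Range $_ })
    foreach ($k in $keepRanges) {
        foreach ($b in $blockRanges) {
            if ($b.Lo -le $k.Hi -and $k.Lo -le $b.Hi) {
                [pscustomobject]@{ Keep = $k.Text; BlockedBy = $b.Text }
            }
        }
    }
}

# Block ranges from the list above ("0" written as 0.0.0.0, an assumption).
$block = @(
    '0.0.0.0 - 70.34.32.0', '70.34.48.0 - 198.55.239.255',
    '198.56.0.0 - 199.241.152.0', '199.241.160.0 - 208.88.72.31',
    '208.88.80.0 - 212.84.80.0', '212.84.83.255 - 255.255.255.255'
)
# Office ranges from step 14, plus a constructed admin address.
$keep = @(
    '70.34.32.1 - 70.34.37.255', '70.34.38.1 - 70.34.39.254',
    '208.88.72.32 - 208.88.73.255', '208.88.74.1 - 208.88.74.255',
    '208.88.75.1 - 208.88.78.255', '208.88.79.1 - 208.88.79.255',
    '203.0.113.10'
)

$conflicts = @(Find-ScopeConflict -Block $block -Keep $keep)
if ($conflicts.Count -gt 0) {
    $conflicts | Format-Table -AutoSize
    Write-Warning 'Addresses you need would be blocked; fix the scope before changing the action to Block.'
} else {
    Write-Host 'No overlap between block ranges and kept addresses.'
}
```

Replace the constructed admin address with the addresses you connect from; any row in the output means that address would be locked out once the rule blocks.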
