Windows firewall

How can I protect web servers with Windows Firewall?

How do I allow traffic only from certain IPs?

Example of an inbound rule for port 80?

What is my DHCP IP address on my PC?

How do I know what ports are open for inbound and outbound?

What are private, public, and domain networks?

Go to Google and search for "what is my ip?". Google will show you what your public IP address is.

Note that your IP address may not be static, and the traffic may be going through many routers at your internet service provider. So the IP that "ipconfig" shows on your command line is not the same one that is known to the external world.

The only way to know this is to see what the external world sees by accessing an external site like Google.

Further, as this is DHCP, your IP address can change often. I am not sure how often or how consistently the ISP domain server keeps that IP!

How do I allow HTTP traffic only from certain IP addresses in Windows Firewall?

Here is some discussion on how the rules work at serverfault

will summarize the results later

Microsoft firewall documentation

windows firewall with advanced security: ms docs

what is ipsec? windows

Brief intro to windows ipsec is here

How do you know what ports are open in windows?

why is chrome opening so many ports?

Each web page, which is accessed through port 80, may have links on that page referring to various other websites. Each website will be contacted through a local port.

So a browser process may open lots of local ports, but probably never to listen, only to receive data from that port 80.

If processes other than the browser are opening these sorts of non-listening ports, that is something to look into.

So it becomes more important to know the processes that are opening "listening" ports and acting like servers on the Windows box. This listening may be for outside traffic, traffic within the computer, or traffic inside a local network.

svchost.exe seems to be one such program that listens to a lot of internal traffic to the box, and it opens a number of listening ports. Hopefully none of these ports are exposed to the outside. It will be nice to know the range of these port numbers.

svchost.exe port range in windows

Not sure if this is created by tomcat installation. But it is there when I looked.

Here are some details of that rule:

General tab: (Name: apache, Enabled, Action: allow)

Protocols and ports tab: (tcp, Local port (specific ports, 80), Remote port (all ports))

Scope: local (all ips), remote ips (all ips) [you can put ip restrictions here]

Advanced tab: profile (public), Block edge traversal

Programs and services tab: All programs

Computers tab: empty

Users tab: empty

All ports are blocked by default including port 80.

The above rule opens up port 80 for all programs and all IPs on a public network.

I wanted to allow only a handful of my development IPs to make port 80 connections.

So I have used the Scope tab successfully to add the IP addresses that I got from using the "what is my ip" search in Google.

With no other rule, this rule for port 80 that is already set up for Apache seems to work for this particular need.

Scope: local (all ips), remote ips (all ips) [you can put ip restrictions here]
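
The same Scope-tab restriction done from an elevated PowerShell prompt, together with a check of which processes hold listening ports. This is an added example, not part of the original notes; it assumes the rule's display name is "apache" as described above, and the two IP addresses are constructed placeholders.

```powershell
# Added example. Assumptions: the rule's display name is "apache" (as in the
# notes above); both addresses are constructed placeholders, not real hosts.
$ruleName = 'apache'
$allowed  = @('203.0.113.10', '198.51.100.25')

# 1. Same effect as Scope tab -> Remote IP address -> "These IP addresses".
Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $allowed

# 2. Read the rule back with its port and address filters to confirm the scope.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}

# 3. Find any other enabled inbound allow rule that names TCP port 80 and is
#    still open to every remote address; such a rule would bypass the scope
#    set in step 1. Rules using port ranges or "Any" port are not matched here.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $p = $_ | Get-NetFirewallPortFilter
        $a = $_ | Get-NetFirewallAddressFilter
        $p.Protocol -eq 'TCP' -and
            $p.LocalPort -contains '80' -and
            $a.RemoteAddress -contains 'Any'
    } |
    Select-Object DisplayName, Profile

# 4. Listening TCP ports with the owning process (svchost, httpd, ...).
#    A LocalAddress of 127.0.0.1 or ::1 is reachable only from this machine;
#    0.0.0.0 or :: listens on every interface.
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort |
    Select-Object LocalAddress, LocalPort, @{
        Name       = 'Process'
        Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }
    }
```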

MS docs on windows firewall

See the post where that is taken from: Blocking by incoming port

1. Windows Firewall with advanced security

2. Inbound rules

3. Apache (if one is setup)