Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Port 4024 #18379

Open
jsandersrocks opened this issue Nov 7, 2018 — with docs.microsoft.com · 7 comments

Comments

Projects
None yet
7 participants
Copy link

commented Nov 7, 2018 — with docs.microsoft.com

Customer reporting that Port 4024 is now open. I assume this is for VS 2019? Can you document this?


Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

@Grace-MacJones-MSFT

This comment has been minimized.

Copy link
Contributor

commented Nov 7, 2018

Hi @jsandersrocks, thanks for bringing this to our attention. Your feedback has been shared with the content owner for further review.

@jsandersrocks

This comment has been minimized.

Copy link
Author

commented Nov 7, 2018

also remove the old
With ANT78 release we have ports 4020(VS 2015 debugger), 4022(VS 2017 debugger) and 4024(VS 2019 debugger) open.
Also with ANT78, we closed ports 4016 and 4018 as we no longer support remote debugging from VS2012 and VS2013.

@shayanshani

This comment has been minimized.

Copy link

commented Feb 8, 2019

@jsandersrocks can you please tell me how can i close or block opened ports in azure web app?
i try to find it on google but no luck
please help me with this

@jsandersrocks

This comment has been minimized.

Copy link
Author

commented Feb 8, 2019

You cannot. This if fixed. If you need something more secure you can move to a VM or an App Service Environment. What specifically are you trying to do and why? Turn off debugging and those ports are off, then only 80 and 443 can get to your web app.

@GuyHarwood

This comment has been minimized.

Copy link
Contributor

commented Feb 22, 2019

I notice that 'web app for containers' app services do not have the remote debugging switch under application settings blade, but the ports are still open. Obviously my container only listens on a specific port, but i need to understand if anything internal is potentially still listening, as our penetration testers need confirmation before sign off.

This comment has been minimized.

Copy link

commented May 16, 2019 — with docs.microsoft.com

I don't know the best place to ask this...

Question: I know some of the ASE docs say that TCP ports 454 and 455 must be left open, but do they really need to be left open to the public Internet at large? I am sitting on my home system and able to probe those two ports on a client's ASE installation. Elsewhere, it seems to say that there is a list of management addresses (starting with 13.64.115.203 in the list). It would make sense for 454 and 455 to be open to these management IPs but I question whether these should really be wide open to the Internet. Can someone confirm this? Thank you!

@jsandersrocks

This comment has been minimized.

Copy link
Author

commented May 17, 2019

See the ASE Dependencies section of this:https://docs.microsoft.com/en-us/azure/app-service/environment/network-info#ase-dependencies "The inbound management traffic provides command and control of the ASE in addition to system monitoring. The source addresses for this traffic are listed in the ASE Management addresses document. The network security configuration needs to allow access from all IPs on ports 454 and 455. If you block access from those addresses, your ASE will become unhealthy and then become suspended. - So just the Management Addresses

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.