I have blocked ports 80 and 443 on Windows 10 by making a new Firewall rule but I can still browse. How do I block HTTP traffic via firewall?

Writer Sophia Terry

I have blocked ports 80 and 443 on Windows 10 by making a new Firewall rule but I can still browse via Chrome. How do I block HTTP/HTTPS traffic via firewall?

This is what I did:

Firewall advanced settings --> Outbound rules

In the outbound rules I added a new rule.

I chose "port". I chose the port numbers "80, 443". The protocol is TCP.

I chose "block the connection" and the rule is applied to "private, public and domain". I also checked that the rule is applied to all interfaces.

I checked whether it's activated, and the rule is activated. But I can still browse in Chrome. I visited websites I had never visited before and I can visit them too.

Why doesn't blocking ports 80 and 443 block HTTP and HTTPS traffic? My goal is to block all outgoing HTTP and HTTPS traffic.


2 Answers

May I know if the rule for blocking ports 80, 443 was applied for local ports or remote ports?

When the connection was established, ports 80 and 443 refer to the port on the server (website) side. The port of your client was randomly selected from 1001 to 65535.

If you want to block HTTP/HTTPS traffic via Windows Firewall, you could disable remote ports 80 and 443 for a test.

Firewall--> Outbound Rules--> New Rule--> Rule Type=Custom--> Program=All programs--> Protocol type=TCP, Local Port=All Ports, Remote Port=Specific Ports 80, 443--> Which? Next--> Action=Block the connection--> When? Next--> Name, Description--> Finish
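The local-port versus remote-port distinction from the answer above, as an added PowerShell example that is not part of either answer: it creates an outbound block rule keyed on local ports, tests reachability, then replaces it with the remote-port rule the answer describes and tests again. The rule names and the test host `example.com` are placeholders chosen here; the UDP 443 rule goes beyond the answer and is included because browsers can also carry HTTPS over QUIC (HTTP/3) on UDP 443.

```powershell
# Added example, not from the original answers. Run in an elevated PowerShell session.
# Rule names and the test host are placeholders chosen for this example.
$wrongName = 'Demo - block LOCAL 80,443 TCP'
$rightName = 'Demo - block REMOTE 80,443 TCP'
$quicName  = 'Demo - block REMOTE 443 UDP'
$testHost  = 'example.com'

function Test-WebPorts {
    param([string]$Label)
    # Attempt an outbound TCP connection to each web port and report the result.
    foreach ($port in 80, 443) {
        $r = Test-NetConnection -ComputerName $testHost -Port $port `
                 -WarningAction SilentlyContinue
        '{0,-22} tcp/{1,-3} reachable={2}' -f $Label, $port, $r.TcpTestSucceeded
    }
}

# 1. Rule keyed on LOCAL ports: it matches the client's own source port,
#    which is an ephemeral port, not 80 or 443.
New-NetFirewallRule -DisplayName $wrongName -Direction Outbound -Action Block `
    -Protocol TCP -LocalPort 80,443 -Profile Any | Out-Null
Test-WebPorts 'local-port rule'

# 2. Replace it with a rule keyed on REMOTE ports (the server side), as in
#    the answer: Local Port = All Ports, Remote Port = 80, 443.
Remove-NetFirewallRule -DisplayName $wrongName
New-NetFirewallRule -DisplayName $rightName -Direction Outbound -Action Block `
    -Protocol TCP -RemotePort 80,443 -Profile Any | Out-Null

# Beyond the answer: also block UDP 443, used by QUIC / HTTP/3.
New-NetFirewallRule -DisplayName $quicName -Direction Outbound -Action Block `
    -Protocol UDP -RemotePort 443 -Profile Any | Out-Null
Test-WebPorts 'remote-port rule'

# 3. Show which port field each remaining demo rule actually filters on.
Get-NetFirewallRule -DisplayName 'Demo - block*' | ForEach-Object {
    $f = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Protocol   = $f.Protocol
        LocalPort  = $f.LocalPort
        RemotePort = $f.RemotePort
    }
} | Format-Table -AutoSize

# 4. Clean up the demo rules.
Remove-NetFirewallRule -DisplayName $rightName, $quicName
```

Comparing the `LocalPort` and `RemotePort` columns of an existing rule in the same way shows whether a rule created through the GUI wizard filters on the side you intended.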

80 and 443 are the ports the HTTP(S) server listens on. Clients connecting to servers use ephemeral ports, short-lived single-use ports chosen randomly from a fixed range. This lets you communicate with multiple servers on multiple hosts simultaneously by opening one ephemeral port for each server. Also, you can't use low ports (<1000) without elevated privileges.

Firewall is not the right tool to achieve your goal. HTTP(S) can run on any port. You could filter out HTTP with packet inspection. HTTPS is just HTTP wrapped in a TLS tunnel and you can't inspect the HTTP part, so your only option is to block all TLS traffic. This will include a bunch of other services, for example encrypted FTP and e-mail.
