The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure App Service - Web Apps!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

Port 1221 RRS feed

  • Question

  • From Moisés @mgarcia_afi via Twitter

    @AzureSupport What are these ports used for in azure websites (454,455,1221,4016,4018,4020). It seems they are open.

    Found this forum:  but port 1221 doesn't appear on the list. What is it used for?

    Port 1221 even responds to a GET command returning some information with an IP Address different from the one hosting the app.


    Tuesday, December 15, 2015 4:44 PM

All replies

  • Hello Moisés,

    The port 1221 is tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP), it is used for a lookup service and for Internal Management.

    Syed Irfan Hussain

    Wednesday, December 16, 2015 11:26 AM
  • Thank you very much.

    So one more question, in case I want to move my website to be hosted inside an App Service Environment, is it safe to close this port from the internet? What features I lose if I close this port?


    Thursday, December 17, 2015 8:27 AM
  • I know this is an old post but hope someone can help.  I have port 1221 being open raised in a security scan as vulnerable to Directory Traversal.  Can someone elaborate why this port is open in an Azure App Service?
    Thursday, September 14, 2017 7:27 PM
  • As suggested by Syed Irfan Hussain on the above post, this port is used for a look up service and Internal Management.


    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    • Proposed as answer by Swikruti Bose Friday, October 20, 2017 11:30 AM
    Friday, October 20, 2017 11:30 AM
  • If that is the case why is it available externally? 
    Wednesday, March 13, 2019 5:41 PM
  • I have the same issue. This port is coming up with a medium level Directory Traversal vulnerability. If the port is for internal then why is it showing in customer scans? This is a serious vulnerability and the port should be close or better explained promptly
    Wednesday, May 22, 2019 6:37 PM
  • Traffic is only allowed to leave app services from ports 80 and 443. Any other traffic from your site will be blocked on any other port. Port 1221 is used for Internal Management. There is no exposure to your site.

    If you are doing a compliance scan, most companies will issue an exception for port 1221 so that you can pass.

    Thursday, May 23, 2019 12:55 AM