Solved

force only port 80 for CHttpConnection?

Posted on 2007-11-29
Last Modified: 2013-11-19
I have a program written in C++ (MFC) that makes http connections for various tasks - registration, downloading updates, etc.  A lot of my customers are in school districts with very strict firewalls, so what I need to do is restrict the program to only use port 80, which is allowed through the firewalls.

I pass port 80 when opening the connection:

pHttpconnection = session->GetHttpConnection((LPCTSTR)m_sURL,(INTERNET_PORT)80);

but when I check the open ports during operation, they are all over the board.  Using the program "Open Ports Scanner" I get port 1110 as the remote port, and local ports ranging anywhere from around 2200 to 3200.

Is there any way to force only using port 80?  If not, can someone offer a solution to the firewall issues that I am encountering?
Question by:aesdtt

Expert Comment

by:evilrix
ID: 20380956
1. When you make a connection to port 80 that connection can come from any (free) local port above the unrestricted port range (1025-65535). This being the case, the open port on the server offering HTTP will be port 80 but the open ports on the local client (connecting to the server) can be any port over 1024.

2. Assuming your HTTP server is only offering HTTP on port 80 then this is the only port the client will successfully connect to. So, how do you know the other open ports are related to this?

3. If you erect a firewall to block all out-going traffic (from client to server) to any port other than port 80 does it stop working?

4. Have you tried telnetting to port 1110 on the remote server to ensure it is HTTP and not some other service running that you didn't realize?

-Rx.

Author Comment

by:aesdtt
ID: 20586241
evilrix, sorry for the delay, this has had to take a backseat to more pressing issues over the past few weeks...

OK, I went back and realized that the connection with the remote port of 1110 was to IP address 127.0.0.1, so never mind about that.  It does seem that all the connections being made by my program have a remote port of 80 (and like you said, the local port jumps around).

What I am wondering now is, should most firewalls only care about the remote port, or do they block by local port as well?  If the customer firewalls are restricting the program from opening random local ports, then I guess my only option would be to have them add a program exception to the firewall - but is this how most firewalls operate?

Accepted Solution

by:evilrix
ID: 20586494
Most generic firewalls (i.e. proper firewalls rather than personal ones) will allow outgoing traffic from any port, although more complex rules can be defined as necessary. It is incoming traffic that is normally blocked unless it is in response to an originating out-bound. There are various ways the firewall can filter in-bound to ensure it is in response to an outbound, such as checking for SYN/ACK flags. I am not a firewall/tcpip expert so I'm not going to try and explain the detail of how it works. Reading up on how TCP works on Wikipedia should provide you with some insight.

http://en.wikipedia.org/wiki/Transmission_Control_Protocol

You might also want to look at these links:

http://www.interhack.net/pubs/fwfaq/
http://www.howstuffworks.com/firewall.htm

In short, you shouldn't have any problems; as long as a normal web browser (e.g. IE) works, your code will too.

-Rx.
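
The behaviour discussed in this thread, as an added example that is not part of the original posts or the asker's program: several TCP connections to one listener all share the same remote port while the OS assigns each a different local port, and a destination-port egress rule plus a stateful inbound rule accept them regardless of that local port. Assumptions: a loopback listener on an OS-chosen port stands in for the web server's port 80, and `observe_connections`, `egress_allowed` and `ingress_allowed` are hypothetical names for a simplified model, not any real firewall's API.

```python
import socket
import threading

def observe_connections(count=5):
    """Open `count` TCP connections to a loopback listener and return
    (server_port, [(local_port, remote_port), ...]) as seen by the client."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: OS picks a free port (stand-in for 80)
    listener.listen(count)
    server_port = listener.getsockname()[1]

    accepted = []
    def accept_all():
        for _ in range(count):
            conn, _addr = listener.accept()
            accepted.append(conn)
    t = threading.Thread(target=accept_all)
    t.start()

    clients, pairs = [], []
    for _ in range(count):
        c = socket.create_connection(("127.0.0.1", server_port))
        clients.append(c)             # kept open, so every local port must differ
        pairs.append((c.getsockname()[1], c.getpeername()[1]))
    t.join()
    for s in clients + accepted + [listener]:
        s.close()
    return server_port, pairs

def egress_allowed(remote_port, allowed_remote_ports):
    """Destination-port egress rule: the client's local port is never consulted."""
    return remote_port in allowed_remote_ports

def ingress_allowed(packet, established):
    """Stateful inbound rule: accept only replies to a tracked outbound flow.
    packet = (src_port, dst_port) as it arrives at the client;
    established = set of (local_port, remote_port) outbound flows."""
    src_port, dst_port = packet
    return (dst_port, src_port) in established

if __name__ == "__main__":
    port, flows = observe_connections()
    for local, remote in flows:
        verdict = "allowed" if egress_allowed(remote, {port}) else "blocked"
        print(f"local {local} -> remote {remote}: {verdict}")
```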