Solved

force only port 80 for CHttpConnection?

Posted on 2007-11-29
Last Modified: 2013-11-19
I have a program written in C++ (MFC) that makes HTTP connections for various tasks - registration, downloading updates, etc.  A lot of my customers are in school districts with very strict firewalls, so what I need to do is restrict the program to only use port 80, which is allowed through the firewalls.

I pass port 80 when opening the connection:

pHttpconnection = session->GetHttpConnection((LPCTSTR)m_sURL,(INTERNET_PORT)80);

but when I check the open ports during operation, they are all over the board.  Using the program "Open Ports Scanner" I get port 1110 as the remote port, and local ports ranging anywhere from around 2200 to 3200.

Is there any way to force only using port 80?  If not, can someone offer a solution to the firewall issues that I am encountering?
Question by:aesdtt
LVL 40

Expert Comment

by:evilrix
ID: 20380956
1. When you make a connection to port 80 that connection can come from any (free) local port above the unrestricted port range (1025-65535). This being the case, the open port on the server offering HTTP will be port 80 but the open ports on the local client (connecting to the server) can be any port over 1024.

2. Assuming your HTTP server is only offering HTTP on port 80 then this is the only port the client will successfully connect to. So, how do you know the other open ports are related to this?

3. If you erect a firewall to block all out-going traffic (from client to server) to any port other than port 80 does it stop working?

4. Have you tried telnetting to port 1110 on the remote server to ensure it is HTTP and not some other service running that you didn't realize?

-Rx.

Author Comment

by:aesdtt
ID: 20586241
evilrix, sorry for the delay, this has had to take a backseat to more pressing issues over the past few weeks...

OK, I went back and realized that the connection with the remote port of 1110 was to IP address 127.0.0.1, so never mind about that.  It does seem that all the connections being made by my program have a remote port of 80 (and like you said, the local port jumps around).

What I am wondering now is, should most firewalls only care about the remote port, or do they block by local port as well?  If the customer firewalls are restricting the program from opening random local ports, then I guess my only option would be to have them add a program exception to the firewall - but is this how most firewalls operate?
LVL 40

Accepted Solution

by:
evilrix earned 300 total points
ID: 20586494
Most generic firewalls (i.e. proper firewalls rather than personal ones) will allow outgoing traffic from any port, although more complex rules can be defined as necessary. It is incoming traffic that is normally blocked unless it is in response to an originating outbound connection. There are various ways the firewall can filter inbound traffic to ensure it is in response to an outbound connection, such as checking for SYN/ACK flags. I am not a firewall/TCP/IP expert so I'm not going to try and explain the detail of how it works. Reading up on how TCP works on Wikipedia should provide you with some insight.

http://en.wikipedia.org/wiki/Transmission_Control_Protocol

You might also want to look at these links: -

http://www.interhack.net/pubs/fwfaq/
http://www.howstuffworks.com/firewall.htm

In short, you shouldn't have any problems: as long as a normal web browser (e.g. IE) works, your code will too.

-Rx.
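
The filtering behaviour described in the accepted answer, as an added example that is not part of the original thread and not any firewall product's logic: a minimal stateful filter in standard C++ that admits new outbound connections by remote port only and admits inbound packets only when they answer a tracked flow. The policy, the `Packet` and `StatefulFirewall` names, and the addresses and ports in the sample traffic are constructed for illustration.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <tuple>

// Added illustration: a minimal stateful egress filter (hypothetical names).
// Assumed policy: clients may open TCP connections to remote port 80 only;
// inbound packets pass only if they belong to a flow a client opened.
struct Packet {
    std::string src_ip; uint16_t src_port;
    std::string dst_ip; uint16_t dst_port;
    bool outbound;   // true: leaving the protected network
    bool syn;        // true: first packet of a new connection
};

class StatefulFirewall {
    using Flow = std::tuple<std::string, uint16_t, std::string, uint16_t>;
    std::set<Flow> flows_;   // (client ip, client port, server ip, server port)
public:
    bool allow(const Packet& p) {
        if (p.outbound) {
            Flow f{p.src_ip, p.src_port, p.dst_ip, p.dst_port};
            if (flows_.count(f)) return true;   // already-established flow
            // New flow: only the remote (destination) port is checked.
            // The local source port is ephemeral and deliberately ignored.
            if (!p.syn || p.dst_port != 80) return false;
            flows_.insert(f);
            return true;
        }
        // Inbound: swap the endpoints so a reply maps back to the client's flow.
        Flow reply{p.dst_ip, p.dst_port, p.src_ip, p.src_port};
        return flows_.count(reply) != 0;
    }
};

// Constructed sample traffic (addresses from the RFC 5737 documentation ranges).
int count_allowed() {
    StatefulFirewall fw;
    const Packet traffic[] = {
        {"192.0.2.10", 2211, "198.51.100.5", 80, true, true},    // HTTP, ephemeral local port
        {"198.51.100.5", 80, "192.0.2.10", 2211, false, false},  // server reply to that flow
        {"192.0.2.10", 3150, "198.51.100.5", 80, true, true},    // second connection, new local port
        {"192.0.2.10", 2300, "198.51.100.5", 1110, true, true},  // remote port other than 80
        {"198.51.100.5", 80, "192.0.2.10", 4000, false, false},  // unsolicited inbound
    };
    int allowed = 0;
    for (const Packet& p : traffic) allowed += fw.allow(p) ? 1 : 0;
    return allowed;
}
```

Both outbound connections pass despite their different local ports; the connection to remote port 1110 and the unsolicited inbound packet are dropped.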