force only port 80 for CHttpConnection?

Posted on 2007-11-29
Last Modified: 2013-11-19
I have a program written in C++ (MFC) that makes HTTP connections for various tasks - registration, downloading updates, etc.  A lot of my customers are in school districts with very strict firewalls, so what I need to do is restrict the program to only use port 80, which is allowed through the firewalls.

I pass port 80 when opening the connection:

pHttpconnection = session->GetHttpConnection((LPCTSTR)m_sURL,(INTERNET_PORT)80);

but when I check the open ports during operation, they are all over the board.  Using the program "Open Ports Scanner" I get port 1110 as the remote port, and local ports ranging anywhere from around 2200 to 3200.

Is there any way to force only using port 80?  If not, can someone offer a solution to the firewall issues that I am encountering?
Question by:aesdtt

Expert Comment

by:evilrix
ID: 20380956
1. When you make a connection to port 80 that connection can come from any (free) local port above the unrestricted port range (1025-65535). This being the case, the open port on the server offering HTTP will be port 80 but the open ports on the local client (connecting to the server) can be any port over 1024.

2. Assuming your HTTP server is only offering HTTP on port 80 then this is the only port the client will successfully connect to. So, how do you know the other open ports are related to this?

3. If you erect a firewall to block all out-going traffic (from client to server) to any port other than port 80 does it stop working?

4. Have you tried telnetting to port 1110 on the remote server to ensure it is HTTP and not some other service running that you didn't realize?

-Rx.

Author Comment

by:aesdtt
ID: 20586241
evilrix, sorry for the delay, this has had to take a backseat to more pressing issues over the past few weeks...

OK, I went back and realized that the connection with the remote port of 1110 was to IP address 127.0.0.1, so never mind about that.  It does seem that all the connections being made by my program have a remote port of 80 (and like you said, the local port jumps around).

What I am wondering now is, should most firewalls only care about the remote port, or do they block by local port as well?  If the customer firewalls are restricting the program from opening random local ports, then I guess my only option would be to have them add a program exception to the firewall - but is this how most firewalls operate?

Accepted Solution

by:evilrix
ID: 20586494
Most generic firewalls (i.e. proper firewalls rather than personal ones) will allow outgoing traffic from any port, although more complex rules can be defined as necessary. It is incoming traffic that is normally blocked unless it is in response to an originating out-bound. There are various ways the firewall can filter in-bound to ensure it is in response to an outbound, such as checking for SYN/ACK flags. I am not a firewall/TCP/IP expert so I'm not going to try and explain the detail of how it works. Reading up on how TCP works on Wikipedia should provide you with some insight.

http://en.wikipedia.org/wiki/Transmission_Control_Protocol

You might also want to look at these links:

http://www.interhack.net/pubs/fwfaq/
http://www.howstuffworks.com/firewall.htm

In short, you shouldn't have any problems; as long as a normal web browser (e.g. IE) works, your code will too.

-Rx.
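
The filtering behaviour described in the accepted answer, as an added example that is not part of the original thread: a simplified model of a stateful firewall that allows egress to remote port 80 from any local port and admits inbound segments only as replies to a tracked outbound flow. The `StatefulFilter` class, the addresses and the traffic are constructed for illustration; real firewalls track far more TCP state than this.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <tuple>

struct Packet {  // one TCP segment as the firewall sees it (constructed model)
    std::string srcIp; uint16_t srcPort;
    std::string dstIp; uint16_t dstPort;
    bool syn, ack;
};
// Hypothetical stateful filter that permits egress to one remote port only.
class StatefulFilter {
    using Flow = std::tuple<std::string, uint16_t, std::string, uint16_t>;
    uint16_t allowed_;
    std::set<Flow> flows_;
public:
    explicit StatefulFilter(uint16_t remotePort) : allowed_(remotePort) {}
    // Client -> server: only the destination port is checked, not the local one.
    bool outbound(const Packet& p) {
        if (p.dstPort != allowed_) return false;
        flows_.insert(Flow(p.srcIp, p.srcPort, p.dstIp, p.dstPort));
        return true;
    }
    // Server -> client: accepted only as a reply to a tracked outbound flow;
    // a bare SYN (a new inbound connection attempt) is dropped.
    bool inbound(const Packet& p) const {
        if (p.syn && !p.ack) return false;
        return flows_.count(Flow(p.dstIp, p.dstPort, p.srcIp, p.srcPort)) > 0;
    }
};
struct Result { bool out2200, out3200, out1110, reply, unsolicited, inboundSyn; };

// Constructed traffic: client 10.0.0.5, server 192.0.2.10 (documentation range).
Result runScenario() {
    StatefulFilter fw(80);
    const std::string c = "10.0.0.5", s = "192.0.2.10";
    Result r{};
    r.out2200     = fw.outbound({c, 2200, s, 80, true, false});   // local port 2200
    r.out3200     = fw.outbound({c, 3200, s, 80, true, false});   // local port 3200
    r.out1110     = fw.outbound({c, 2300, s, 1110, true, false}); // remote port not 80
    r.reply       = fw.inbound({s, 80, c, 2200, true, true});     // SYN/ACK reply
    r.unsolicited = fw.inbound({s, 80, c, 4000, false, true});    // no matching flow
    r.inboundSyn  = fw.inbound({s, 80, c, 2200, true, false});    // new inbound SYN
    return r;
}

int main() {
    Result r = runScenario();
    std::cout << r.out2200 << r.out3200 << r.out1110 << r.reply << r.unsolicited << r.inboundSyn << "\n";
}
```

Both outbound connections to port 80 pass regardless of their local port, which is why the varying local ports seen in the question do not conflict with a port-80-only egress policy.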