Anye / ratproxy

Automatically exported from code.google.com/p/ratproxy

Hardcoded web-server ports

GoogleCodeExporter opened this issue

What steps will reproduce the problem?
When testing a web server on ports that are not standard ones like 80 and 443, you will see
this warning:
"[!] WARNING: Access to this port denied."


Please provide any additional information below.
The problem is in http.c. You can see the patch below.

diff -u http.c.orig http.c
--- http.c.orig 2009-05-13 23:41:01.000000000 +0400
+++ http.c  2010-03-25 14:09:19.175346738 +0300
@@ -496,8 +496,8 @@
     if (!ret->port || ret->port > 65535) 
       http_error(client,"Illegal port specification",1);

-    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)
-      http_error(client,"Access to this port denied",1);
+/*    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)*/
+      /*http_error(client,"Access to this port denied",1);*/

     *x = 0; 
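
Review bot: The two commented-out lines at the end of this hunk turn the low-port check off for every user with no way to keep it, so after the remaining `!ret->port || ret->port > 65535` test the proxy accepts any destination port. Make the check conditional on an option that defaults to the current behaviour, for example `if (!allow_low_ports && ret->port < 1024 && ret->port != 80 && ret->port != 443)` (the option name is hypothetical), and document that option. Commented-out code should not be left in the file either way: keep the lines live behind the condition or delete them.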

Original issue reported on code.google.com by naplan...@gmail.com on 25 Mar 2010 at 11:25

It's by design, for security reasons. You can put this behind a command-line flag, though.

Original comment by lcam...@gmail.com on 25 Mar 2010 at 5:43

Hmmm, what are these security reasons?

Original comment by naplan...@gmail.com on 25 Mar 2010 at 8:19

Limiting the ability for proxy users to port scan or send input to non-HTTP services;
roughly the same restrictions are present in most other browsers and proxies,
although usually a bit more fine-grained (e.g., a list of a few hundred blacklisted ports).

Original comment by lcam...@google.com on 25 Mar 2010 at 8:42

Yep, I agree. But ratproxy is usually used as a local proxy, isn't it?
So it will be great to have some command-line param to control this case.

Original comment by naplan...@gmail.com on 25 Mar 2010 at 8:51

Yeah, I will put it behind a switch.

Original comment by lcam...@gmail.com on 25 Mar 2010 at 8:53

  • Added labels: Type-Enhancement
  • Removed labels: Type-Defect
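
The restriction discussed in this thread, as an added example that is not ratproxy's code: the coarse rule from the removed lines beside a finer-grained blocklist and an opt-in open mode of the kind the switch would enable. The names `check_port`, `port_policy`, `port_verdict` and the abbreviated port list are assumptions made for illustration.

```c
#include <stddef.h>

/* Hypothetical policy modes; these names do not come from ratproxy. */
enum port_policy {
  POLICY_COARSE,    /* rule from the hunk: below 1024 only 80 and 443 */
  POLICY_BLOCKLIST, /* finer-grained: refuse listed non-HTTP service ports */
  POLICY_OPEN       /* opt-in switch for a trusted, local-only proxy */
};

enum port_verdict { PORT_OK, PORT_ILLEGAL, PORT_DENIED };

/* Constructed, abbreviated sample of well-known non-HTTP service ports.
   A real list would run to many more entries. */
static const unsigned int blocked_ports[] = {
  21,   /* FTP */
  22,   /* SSH */
  23,   /* Telnet */
  25,   /* SMTP */
  110,  /* POP3 */
  143,  /* IMAP */
  6667  /* IRC */
};

enum port_verdict check_port(unsigned long port, enum port_policy policy) {
  size_t i;

  /* The range check applies in every mode, as in the patch context lines. */
  if (!port || port > 65535) return PORT_ILLEGAL;

  switch (policy) {
    case POLICY_OPEN:
      return PORT_OK;
    case POLICY_BLOCKLIST:
      for (i = 0; i < sizeof(blocked_ports) / sizeof(blocked_ports[0]); i++)
        if (blocked_ports[i] == port) return PORT_DENIED;
      return PORT_OK;
    case POLICY_COARSE:
    default:
      /* Coarse rule: simple, but it also refuses HTTP servers on e.g. 81
         and does not cover non-HTTP services listening above 1023. */
      if (port < 1024 && port != 80 && port != 443) return PORT_DENIED;
      return PORT_OK;
  }
}
```

The two restrictive modes disagree in both directions: the coarse rule refuses port 81 but lets 6667 through, while the blocklist does the opposite.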