How does my browser know it needs to connect to port 443 or port 80? - sockets

This is what I am trying to do:
Open a browser and start to browse any https website like Gmail or Google.com
I can see through Wireshark that the name resolution is being done by the DNS server.
But after that, the connection is directly established to port 443 (starting from TCP handshake)
One thing I am not able to understand is how the browser knows that it needs to connect to port 443. I tried exploring the DNS packet, but it contains only the destination address, and there is no info which tells it that it needs to connect to port 443.
Even if say, the browser has a priority in querying for the first time, it sees that if the port 443 is open then connect to it or connect to port 80, but I am not able to see any such behavior if I connect to a normal HTTP website, in the sense that, if I go to a normal HTTP website, there is no traffic flow from the browser indicating that it had searched first the port 443 and then went to port 80.
I am sure that I am missing something here, but not sure what it is.

The presence of https: in the URL tells it that.

The browser (client) uses the HTTP or HTTPS in the address to determine which port to use...
However the server can be configured to require HTTPS, and to switch/redirect an HTTP port 80 connection to HTTPS port 443 with encryption & certificate. So if the browser connects to a server via HTTP port 80, the server can then immediately switch/redirect the connection to HTTPS port 443. The server may even be configured the other way around to switch/redirect a connection from HTTPS port 443 to HTTP port 80.

I think this is sort of like asking why does a FTP client use the FTP port
Unless you specify a port with "http://...:port", the browser uses 80 for http and 443 for https, as that's what the protocol defines, but....
A server may respond with a "Strict-Transport-Security: max-age=..." and the browser is then required to retry on https and remember this.
In addition, Chrome (see HSTS) ships with a large preseeded HSTS list,
so even if you type http for a site in the HSTS list, the browser will look at its HSTS configuration, see that the site is specified, and instead change to HTTPS on port 443 without trying http on port 80 first.
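
The port selection described in the answers above (scheme default, explicit port, HSTS upgrade), as an added example that is not part of the original thread: a small JavaScript model of the client-side decision. `HstsStore`, `connectTarget` and the `.example` host names are hypothetical; the treatment of explicit ports and of headers seen over plain HTTP follows RFC 6797.

```javascript
// Added illustration; HstsStore, connectTarget and the hosts are hypothetical.
const DEFAULT_PORT = { "http:": 80, "https:": 443 };

class HstsStore {
  // preloaded: hosts shipped with the browser (constructed sample data here)
  constructor(preloaded = []) {
    this.entries = new Map(
      preloaded.map((h) => [h, { expires: Infinity, includeSubDomains: true }]));
  }
  // Record a Strict-Transport-Security header. RFC 6797 has the client
  // honor it only on responses that arrived over HTTPS.
  note(url, headerValue, now = Date.now()) {
    const u = new URL(url);
    const m = /max-age=(\d+)/i.exec(headerValue);
    if (u.protocol !== "https:" || !m) return false;
    if (Number(m[1]) === 0) { this.entries.delete(u.hostname); return true; }
    this.entries.set(u.hostname, {
      expires: now + Number(m[1]) * 1000,
      includeSubDomains: /includeSubDomains/i.test(headerValue),
    });
    return true;
  }
  // True if host, or a parent with includeSubDomains, has a live entry.
  covers(host, now = Date.now()) {
    const labels = host.split(".");
    return labels.some((_, i) => {
      const e = this.entries.get(labels.slice(i).join("."));
      return Boolean(e) && e.expires > now && (i === 0 || e.includeSubDomains);
    });
  }
}

// Returns the scheme, host and TCP port the client would actually dial.
function connectTarget(input, hsts, now = Date.now()) {
  const u = new URL(input);
  if (!(u.protocol in DEFAULT_PORT)) throw new Error("not an http(s) URL");
  const upgraded = u.protocol === "http:" && hsts.covers(u.hostname, now);
  const scheme = upgraded ? "https:" : u.protocol;
  // URL.port is "" when no port is given or it is the scheme's default,
  // so http://host:80 upgrades to 443 while an explicit :8080 is kept.
  const port = u.port ? Number(u.port) : DEFAULT_PORT[scheme];
  return { scheme: scheme.slice(0, -1), host: u.hostname, port, upgraded };
}

const store = new HstsStore(["preloaded.example"]);
console.log(connectTarget("http://site.example/", store));      // port 80
console.log(connectTarget("http://preloaded.example/", store)); // https, 443
```

No probing of port 443 appears anywhere in this logic, which matches the Wireshark observation in the question: the port is decided from the URL and local HSTS state before any packet is sent.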

Related

Issue getting my web server to work from external devices

I am attempting to set up an apache2 web server on my raspberry pi. I am able to connect to it by doing http://localhost:8080 (8080 because my router blocks port 80). Although when I do http://my.pub.lic.ip:8080 the connection times out. I set up port forwarding so that requests going to my router on port 8080 go to my raspberry pi on port 8080. This does not seem to work but I'm also not sure if the port forwarding is the cause or if it is something else. Any suggestions?
Is your web server configured to listen on the network interface besides localhost?
https://httpd.apache.org/docs/2.4/bind.html
For example, to make the server accept connections on both port 80 and port 8000, on all interfaces, use:
Listen 80
Listen 8000
To make the server accept connections on port 80 for one interface, and port 8000 on another, use
Listen 192.0.2.1:80
Listen 192.0.2.5:8000
You can try using nmap by finding your router's public IP and, on the raspberry pi, typing nmap my.pub.lic.ip. This will show you what services are actually being published to the world. This gives more insight into the problem.
I got the web server up and running although for some reason it appears that my isp would only allow it to be hosted securely (as an https page)(I'm not sure if that's the right way to phrase it). To achieve this for free, I used cloudflare's ssl service. A tutorial to set it up for apache2 can be found here

How to make my XAMPP server public on the internet?

I am trying to make my XAMPP server public on the internet. But when I try to access it using my IP address it says connection refused. I have followed lots of tutorials but most of them are for older versions. I have set the 80,443 ports on and have added them as a firewall exception but it is still not working. Can you please give me some suggestions?
The idea is the same no matter the version of XAMPP you are using.
It's not clear if you configured port forwarding on your router (all connections on ports 80 or 443 will be forwarded to the XAMPP "server"). You should do this, otherwise the incoming connection will never be redirected properly.
I am not sure if ISPs can block external access to ports 80 or 443, but you can also configure an alternative port, like 8000, to be forwarded to 80 internally, then you access your server using http://[your_public_IP]:8000
There are some sites you can use to check your public IP, like: http://whatismyipaddress.com/.

which port is being used by a local web server?

We are using an internal server to host our staging website. I was trying to use browserstack to do compatibility testing on the virtual environment that they provide. In order to setup the virtual environment, I need to specify the port which is being used by the local web server. How can I find out which port is being used by our server? Do I need to go check the settings from the IIS in the server machine?
A web server can run on any port. But the default port is 80. When you type in the URL of a web site the browser uses the default port 80 and connects to it. There are a lot of occasions when other ports are used, mostly when more than one web server is needed on the same machine. Like webmin uses port 10000 by default.
For any web server not using port 80 you have to specify the port also with your URL, like http://yoursite.com:port; in case of a default webmin install it is like http://localhost:10000
Note: HTTP uses 80 and HTTPS uses 443 by default.
This is documented in their tab for local testing.
Basically you do not need to provide 80 as a port, because it will be used by default.
If the port number is not provided, a default port number of 80 is
used. If the port number is present in the URL, it will be extracted
automatically. To test servers with SSL, check the HTTPS box. Once the
option is checked, you can enter a SSL port number that is independent
of the HTTP port number. When the connection is established, the HTTP
and HTTPS connections appear as separate links.

Using port 80 for non http

Is it possible to use port 80 for non-http traffic? For example I'm making a small script that will communicate with a friend's computer through the internet, however they must port forward it to get past the router. Is there a problem with using port 80 in the script so it will be let through automatically? Is there some part of this I don't understand that will not let non-http data through? Please explain :)
There is no problem doing that. In fact, Skype's default behaviour is to use port 80 and port 443 to transport voice!
There are a lot of ISPs that actually block port 80, so you might want to try a different port if you are having a problem (still needs to be forwarded)
The firewall on the computer also needs to be set to allow the incoming traffic.
This will work fine, but your friend may still need to set up port forwarding.
If your friend's PC is the one listening on Port 80, he will need to set up port forwarding. Otherwise, how would the router/NAT know which computer in the house to bridge the connection to?
But if your friend's PC is the one making the outbound connection, then likely no port forwarding is needed at all on his end.
In other words, port forwarding (for TCP) is only for inbound connections. The router/NAT will automatically set up a port mapping scheme for outbound connections (as it does with all web traffic).

SSL port 443 conflict, how to make iis7.5 not think another process is running?

I am running an asp.net mvc2 application on iis7.5 using an SSL certificate for port 443.
But as soon as I add port 443 to the Bindings (on "Site Bindings") it won't browse to the site through the HTTPS scheme, complaining of another process working.
I have tried renaming port 80 to 8080 to no avail.
Hope someone can help.
All the best
Paul
*Please note this addition it may save time for you:
ADDED NOTE: THE ANSWER TO THIS WAS TO TURN OFF SKYPE AS IT HAD CONTROL OF PORT 443
It kinda sounds like you already have a site using port 443. SSL can't run on a shared IP; the certificate needs to be verified even before the server knows which site's cert to use.
Make sure other sites (especially the default one) aren't bound to the site's address and port.