HTTP on port 8080 ??? Why?

I keep encountering web sites that can only be accessed via port 8080
(instead of the standard 80). There URL is of the form
http://www.website.net:8080.

Which creates a problem for a firewall that only allows outbound HTTP
on port 80 only. I know I can add a rule to the firewall to allow HTTP
on port 8080, but I have to first understand why.

What makes a webmaster choose port 8080 over port 80?

And am I lessening security of the computers on my network by opening
outbound port 8080?

Thanks,
Lynn

(E-Mail Removed) wrote:
> I keep encountering web sites that can only be accessed via port 8080
> (instead of the standard 80). There URL is of the form
> http://www.website.net:8080.
>
> Which creates a problem for a firewall that only allows outbound HTTP
> on port 80 only. I know I can add a rule to the firewall to allow HTTP
> on port 8080, but I have to first understand why.
>
> What makes a webmaster choose port 8080 over port 80?
>
> And am I lessening security of the computers on my network by opening
> outbound port 8080?

Web services can run on any port, especially when multiple services are
installed on the same computer and each needs its own port. 8080 has
some significance as a proxy port, so maybe the site is running a
reverse proxy, but ultimately it doesn't matter why.

You are lessening the security slightly by opening up more outbound
ports, because, if somebody gets in, they have a wider choice to
establish reverse telnet sessions. But it's nothing like if you opened
a mass of inbound ports.

If you have a web proxy for outbound connections, you can allow any port
only from the proxy.

On 9 Sep 2006 21:35:18 -0700, (E-Mail Removed) wrote:

>I keep encountering web sites that can only be accessed via port 8080
>(instead of the standard 80). There URL is of the form
>http://www.website.net:8080.
>
>Which creates a problem for a firewall that only allows outbound HTTP
>on port 80 only. I know I can add a rule to the firewall to allow HTTP
>on port 8080, but I have to first understand why.
>
>What makes a webmaster choose port 8080 over port 80?
Because they wish to breach their ISP's ToS by running a web-server
>
>And am I lessening security of the computers on my network by opening
>outbound port 8080?

No. Also there's little or no security in limited what goes out of a
box, apart from rate limiting 'odd-port' connections.

Cheers
--
http://bugsplatter.mine.nu/

In comp.os.linux.networking (E-Mail Removed):
> I keep encountering web sites that can only be accessed via port 8080
> (instead of the standard 80). There URL is of the form
> http://www.website.net:8080.

> Which creates a problem for a firewall that only allows outbound HTTP
> on port 80 only. I know I can add a rule to the firewall to allow HTTP
> on port 8080, but I have to first understand why.

> What makes a webmaster choose port 8080 over port 80?

No need to have root permissions to start a webserver on port
8080.

> And am I lessening security of the computers on my network by opening
> outbound port 8080?

If you are concerned about security, only let your clients access
the Internet through a proxy server such as squid. You can easily
force clients if you setup transparent proxy.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 462: A message from the system administrator:
'I've upped my priority. Now up yours.'

On 9 Sep 2006 21:35:18 -0700
(E-Mail Removed) wrote:

> I keep encountering web sites that can only be accessed via port 8080
> (instead of the standard 80). There URL is of the form
> http://www.website.net:8080.
>
> Which creates a problem for a firewall that only allows outbound HTTP
> on port 80 only. I know I can add a rule to the firewall to allow HTTP
> on port 8080, but I have to first understand why.
>
> What makes a webmaster choose port 8080 over port 80?

Tomcat comes to mind, which is a JSP server that by default runs on 8080
with an 'apache connector' so that certain directories go to the TC
server. The website admin probably hasn't figured out how to use the
connector (jakarta).

--
Regards, Ed :: http://www.usenix.org.uk
just another java person
Vin Diesel holds a PhD. in Funk.

ed wrote:

>
>
> On 9 Sep 2006 21:35:18 -0700
> (E-Mail Removed) wrote:
>
>> I keep encountering web sites that can only be accessed via port 8080
>> (instead of the standard 80). There URL is of the form
>> http://www.website.net:8080.
>>
>> Which creates a problem for a firewall that only allows outbound HTTP
>> on port 80 only. I know I can add a rule to the firewall to allow HTTP
>> on port 8080, but I have to first understand why.
>>
>> What makes a webmaster choose port 8080 over port 80?
>
> Tomcat comes to mind, which is a JSP server that by default runs on 8080
> with an 'apache connector' so that certain directories go to the TC
> server. The website admin probably hasn't figured out how to use the
> connector (jakarta).
>


Also some ISP block port 80 so one has to use 8080


--
Dancin' in the ruins tonight
Tayo'y Mga Pinoy

Hi,

here is the answer why a webmaster choses port 8080 and not port 80,

Take for an instance if you are hosting multiple webservers and you
want to protect these webservers using a firewall/NAT

Then what you do is you put these two webservers in the private network
and enable port forwarding on Port =80 on the NAT/Firewall Router and
forward all the requests to port 80 to one of the webservers, so the
first webserver you have complete protection except port 80.

Now for the Second webserver you cannot assign port 80 bcoz u have
already used it to host first webserver. So now the most common port
used for web service is port 8080, and now u enable port forwarding on
port 8080 to the second webserver.

This is only one reason why a web administrator can use port 8080,
there may be many reasons as to why one uses port 8080.

please let me know if you have any further questions on this.

Thanks,
Sunil


> ed wrote:
>
> >
> >
> > On 9 Sep 2006 21:35:18 -0700
> > (E-Mail Removed) wrote:
> >
> >> I keep encountering web sites that can only be accessed via port 8080
> >> (instead of the standard 80). There URL is of the form
> >> http://www.website.net:8080.
> >>
> >> Which creates a problem for a firewall that only allows outbound HTTP
> >> on port 80 only. I know I can add a rule to the firewall to allow HTTP
> >> on port 8080, but I have to first understand why.
> >>
> >> What makes a webmaster choose port 8080 over port 80?
> >
> > Tomcat comes to mind, which is a JSP server that by default runs on 8080
> > with an 'apache connector' so that certain directories go to the TC
> > server. The website admin probably hasn't figured out how to use the
> > connector (jakarta).
> >
>
>
> Also some ISP block port 80 so one has to use 8080
>
>
> --
> Dancin' in the ruins tonight
> Tayo'y Mga Pinoy

In comp.os.linux.networking (E-Mail Removed):
>> ed wrote:
>> > On 9 Sep 2006 21:35:18 -0700
>> > (E-Mail Removed) wrote:

[ why run apache on port 8080? ]

> here is the answer why a webmaster choses port 8080 and not port 80,

> Take for an instance if you are hosting multiple webservers and you
> want to protect these webservers using a firewall/NAT

> Then what you do is you put these two webservers in the private network
> and enable port forwarding on Port =80 on the NAT/Firewall Router and
> forward all the requests to port 80 to one of the webservers, so the
> first webserver you have complete protection except port 80.

> Now for the Second webserver you cannot assign port 80 bcoz u have
> already used it to host first webserver. So now the most common port
> used for web service is port 8080, and now u enable port forwarding on
> port 8080 to the second webserver.

This "advice" is of course only for those "webmasters" who have
never heard about apache virtual hosting or even DNS.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 35: working as designed

(E-Mail Removed) wrote:

> And am I lessening security of the computers on my network by opening
> outbound port 8080?

If you think about, it's pretty much inconceivable that there could be
an attack that wouldn't work on port 80 but work on port 8080. The only
way that I could think of is if the client handles outbound connection
to port 80 differently, in a security-relevant way, than outbounc
connections to other ports.

Perhaps one difference might be that you presume all outbound
connections to port 80 are HTTP connections, and so you might filter
them for known threats. Since you cannot be sure an outbound connection
to port 80 is HTTP, you likely would not filter it in this manner. Of
course, any such attack could simply use HTTPS, which you basically
can't filter.

If you do any special HTTP filtering, you should do it by means of a
proxy rather than firewall rules.

DS

David Schwartz wrote:

>
> (E-Mail Removed) wrote:
>
>> And am I lessening security of the computers on my network by opening
>> outbound port 8080?
>
> If you think about, it's pretty much inconceivable that there could be
> an attack that wouldn't work on port 80 but work on port 8080. The only
> way that I could think of is if the client handles outbound connection
> to port 80 differently, in a security-relevant way, than outbounc
> connections to other ports.
>
A non-root application could establish a server at 8080, but
not at 80. But that's only relevant for incoming connections...

Regards,

Iwo