Open a port for local access only

I want to create an application with a small embedded web server, to serve web pages (HTML, perhaps even using ASP.NET). Creating the server part itself is not a problem (System.Web.Hosting + sockets etc), but...

1. The server should only be available for localhost. No external access of any kind should be allowed.
2. Being a "local access only" server I would like to avoid any involvement of firewalls, e.g. the internal firewall in XP. Users may find the firewall prompting alarming/irritating and sometimes, if they're non-administrators, they will not even have access to the XP firewall. Even more importantly, they may choose the unblock options (Unblock) when they, in fact, should not unblock the app.

Issue 1 can be solved in code, just by checking the origin of the requests, but issue 2 is more difficult, especially if we take non-administrators into consideration.

So, is there some kind of "local access only" socket that can be created for this kind of use? I can't see any security problems with such a solution..

Best regards
Gunnar

PS. I just tried DWebPro, a small web server for CD deployment. Trying out the demo, I couldn't get it to trigger the firewall in any way, even when I started changing the port used. This seems to suggest there is some kind of solution to the problem, but maybe it's ugly? DS

"Gunnar Liljas" <gunnar_lil***@hotmail.com> wrote in message news:OYUM6Q0CGHA.312@TK2MSFTNGP09.phx.gbl...
> Hi!
>
> I want to create an application with a small embedded web server, to serve
> web pages (HTML, perhaps even using ASP.NET). Creating the server part
> itself is not a problem (System.Web.Hosting + sockets etc), but...
>
> 1. The server should only be available for localhost. No external access
> of any kind should be allowed.
> 2. Being a "local access only" server I would like to avoid any
> involvement of firewalls, e.g. the internal firewall in XP. Users may find
> the firewall prompting alarming/irritating and sometimes, if they're
> non-administrators, they will not even have access to the XP firewall.
> Even more importantly, they may choose the unblock options (Unblock) when
> they, in fact, should not unblock the app.
>
> Issue 1 can be solved in code, just by checking the origin of the
> requests, but issue 2 is more difficult, especially if we take
> non-administrators into consideration.
>
> So, is there some kind of "local access only" socket that can be created
> for this kind of use? I can't see any security problems with such a
> solution..
....

If your socket listens only on 127.0.0.1 address, not IPAddress.Any (0.0.0.0), only connections from localhost should be accepted. As for the firewall, I'm not sure there is much you can do. Firewalls dig deep into the OS and if they want to block (and are configured to do so), will block.

Regards,
Goran

Goran Sliskovic wrote:
> If your socket listens only on 127.0.0.1 address, not IPAddress.Any
> (0.0.0.0), only connections from localhost should be accepted. As for
> the firewall, I'm not sure there is much you can do. Firewalls dig deep
> into the OS and if they want to block (and are configured to do so),
> will block.

Yes, but since communication from 127.0.0.1 to 127.0.0.1 goes through the loopback interface and not through any network adapter (VPN or NIC) I was hoping that any firewalling would be circumvented.

In fact, your solution so far seems to remedy the problem. Can't understand how I missed that. The word "Any" should have stared me in the face! :)

Thanks!
/G
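
The bind discussed in this thread, as an added C# example that is not part of the original posts: a TcpListener bound to IPAddress.Loopback instead of IPAddress.Any, checked by connecting through 127.0.0.1 and then through the machine's other IPv4 addresses. The class name, the OS-chosen port and the console output are assumptions made for the sketch.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;

static class LoopbackOnlyDemo   // hypothetical name, for illustration only
{
    // True if a TCP connection to (address, port) succeeds.
    static bool CanConnect(IPAddress address, int port)
    {
        using (var client = new TcpClient(address.AddressFamily))
        {
            try { client.Connect(address, port); return true; }
            catch (SocketException) { return false; }   // refused or unreachable
        }
    }

    static void Main()
    {
        // Bind to 127.0.0.1 only. Port 0 lets the OS pick a free port for the
        // demo; a real server would use its own fixed port.
        var listener = new TcpListener(IPAddress.Loopback, 0);   // not IPAddress.Any
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Console.WriteLine("Listening on {0}", listener.LocalEndpoint);

        // A local client connects; the server still checks the peer address
        // (the origin check from point 1 of the question) as a second layer.
        using (var local = new TcpClient(AddressFamily.InterNetwork))
        {
            local.Connect(IPAddress.Loopback, port);
            using (Socket accepted = listener.AcceptSocket())
            {
                var peer = (IPEndPoint)accepted.RemoteEndPoint;
                Console.WriteLine("Peer {0}, loopback: {1}", peer.Address, IPAddress.IsLoopback(peer.Address));
            }
        }

        // The same port through this machine's other IPv4 addresses: nothing
        // is listening there, so each attempt should report False.
        var others = Dns.GetHostAddresses(Dns.GetHostName())
            .Where(a => a.AddressFamily == AddressFamily.InterNetwork && !IPAddress.IsLoopback(a));
        foreach (IPAddress addr in others)
            Console.WriteLine("{0} reachable: {1}", addr, CanConnect(addr, port));

        listener.Stop();
    }
}
```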