Hardcoded web-server ports

[GoogleCodeExporter]

What steps will reproduce the problem?
When tests web-server on not standart ports like 80 and 443 you will see
such warning:
"[!] WARNING: Access to this port denied."

Please provide any additional information below.
Problem in http.c. Patch you can see below.

diff -u http.c.orig http.c
--- http.c.orig 2009-05-13 23:41:01.000000000 +0400
+++ http.c  2010-03-25 14:09:19.175346738 +0300
@@ -496,8 +496,8 @@
     if (!ret->port || ret->port > 65535) 
       http_error(client,"Illegal port specification",1);

-    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)
-      http_error(client,"Access to this port denied",1);
+/*    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)*/
+      /*http_error(client,"Access to this port denied",1);*/

     *x = 0; 

Original issue reported on code.google.com by naplan...@gmail.com on 25 Mar 2010 at 11:25

[GoogleCodeExporter]

It's by design, for security reasons. You can put this behind a command-line 
flag, 
though.

Original comment by lcam...@gmail.com on 25 Mar 2010 at 5:43

[GoogleCodeExporter]

Hmmm, what are these security reasons?

Original comment by naplan...@gmail.com on 25 Mar 2010 at 8:19

[GoogleCodeExporter]

Limiting the ability for proxy users to port scan or send input to non-HTTP 
services;
roughly the same restrictions are present in most other browsers and proxies,
although usually a bit more fine-grained (e.g., a list of few hundred 
blacklisted ports).

Original comment by lcam...@google.com on 25 Mar 2010 at 8:42

[GoogleCodeExporter]

Yep, I agree. But ratproxy usually used as local proxy, isn't it?
So it will be great to have some command line param to control this case.

Original comment by naplan...@gmail.com on 25 Mar 2010 at 8:51

[GoogleCodeExporter]

Yeah, I will put it behind a switch.

Original comment by lcam...@gmail.com on 25 Mar 2010 at 8:53

• Added labels: Type-Enhancement
• Removed labels: Type-Defect