Problem with Windows firewall on first launch

webui-dev / webui

Use any web browser or WebView as GUI, with your preferred language in the backend and modern web technologies in the frontend, all in a lightweight portable library.

https://webui.me

MIT License

2.9k stars 164 forks source link

Problem with Windows firewall on first launch #190

Closed delphius closed 1 year ago

delphius commented 1 year ago

When you run the program for the first time, the Windows firewall window pops out, due to the fact that the program uses closed ports in the firewall for http (instead of 80) and for websocket (they are determined randomly, as far as I understand).

There are no problems pressing "allow" once, after that the program is registered in the allowed ones in the firewall and the next time you run along this path, no windows pop up anymore. However, this may confuse the end user at the first launch.

I see two working solutions so far: just close this window by finding it and sending it the WM_CLOSE command, or register the permission in the firewall yourself using the windows API (this will require increased privileges)

Now the question itself is: how do you get around this problem? (if of course you have it :)

hassandraga commented 1 year ago

For now, I just click allow once. This is normal when dealing with networking softwares. Two or three years ago in WebUI 1.x series, many Antimalware softwares alert the users because local WebSockets and web browsers PAW and app modes was something new... now it's standardized and thankfully Antimalware does not show alerts anymore. So, one-time firewall alert is not a big deal, I guess.

I suggest to not do anything about it and just leave it.

fibodevy commented 1 year ago

I think this is because webui binds to all interfaces (0.0.0.0) instead of just localhost (127.0.0.1), why would it listen on all interfaces? Change that and problem solved.

hassandraga commented 1 year ago

I don't think so, it's already listening on 127.0.0.1:

https://github.com/webui-dev/webui/blob/8a5880a06038c14daa3d539720597c72eb1ad265/src/webui.c#L5412C15-L5412C15

fibodevy commented 1 year ago

2 sockets on 0.0.0.0 + 1 socket on 127.0.0.1, I see it in Sysinternals Process Explorer. Also If I create sample app that listens on 127.0.0.7, no firewall windows, if I change the IP to 0.0.0.0, FW window shows up.

cgPmwtOkkx

hassandraga commented 1 year ago

Thank you for sharing @fibodevy. I will investigate this.

fibodevy commented 1 year ago

I hooked bind() winapi function

bind called -> 127.0.0.1, socket = 0000000000000180 bind called -> 127.0.0.1, socket = 0000000000000180 bind called -> 0.0.0.0, socket = 000000000000019C bind called -> 0.0.0.0, socket = 000000000000026C

I don't know where but bind() is called 4 times

iLRkOYA9wI

EDIT: Final word

I changed IP to 127.0.0.1 in my hooked function

addr^.sin_addr.S_addr := inet_addr('127.0.0.1');

and no more firewall windows, webui works fine, in procexp I see 3 sockets on 127.0.0.1

hassandraga commented 1 year ago

Please let me know if this commit fixes the issue.

[Core]          [Thread] _webui_server_start([1]) -> Listening Success
[Core]          [Thread] _webui_server_start([1]) -> HTTP Port: 127.0.0.1:36359
[Core]          [Thread] _webui_server_start([1]) -> WS Port: 127.0.0.1:27279

If you need binaries (Compiled using GitHub CI) to update the wrappers, are here.

fibodevy commented 1 year ago

Yes, fixed, GJ

hassandraga commented 1 year ago

Thank you @fibodevy for providing useful details 👍