2

I want to create a simple JSON-based protocol to allow my game to talk to my custom server, but I don't want to embed it in HTTP.

If I send a custom text-based protocol request to my server on port 80, will firewalls block it for not using HTTP format, or do they only care about the port number?

I won't use the same server as a web server, so I don't care about losing port 80 for real web serving.

As a bit of clarification, I am mainly concerned with the typical home firewalls that most people might have, not a high-end corporate firewall.

MindJuice
  • The outgoing response will be valid JSON, which RESTful servers generate all the time, so only the incoming request could possibly cause an issue. – MindJuice Aug 14 '10 at 01:11

5 Answers

3

Topic firewalls only do blocking based on port number. However, application layer firewalls (l7-filter, wfilter enterprise) do blocking based on protocol patterns.

So if your firewall is an application layer firewall, your chatting program will not work.

gengw2000
2

As a bit of clarification, I am mainly concerned with the typical home firewalls that most people might have, not a high-end corporate firewall.

Most typical home firewalls don't block outbound connections by default. In fact, most home-based equipment does not even have a firewall; it just relies on NAT to prevent inbound connections. So personally I wouldn't worry too much about sending out port 80. Just use any port > 1024 and play nice.

I would also add that anyone who has a firewall filtering outbound connections has the experience to open up needed ports outbound as well.

Zypher
  • Right, the local port is arbitrary. I am only concerned with the remote port 80 being blocked somewhere along the way. Assuming I am hosting on a dedicated server somewhere like 1and1.com, then it seems it should be OK. If for some reason it turned out to be a problem, I could add a basic HTTP header and send the JSON as the body of a POST. Just don't want to mess with that if it isn't required. – MindJuice Aug 14 '10 at 02:43
1

Most typical firewalls will do basic port-based rules (if it's on port 80 it's OK, even if it's really some non-HTTP protocol), or they will do deeper inspection and deny flows which match a specific pattern of badness (file extension, virus shellcode, etc). I don't know of any that take a whitelist approach, blocking anything that isn't HTTP on port 80.

techieb0y
1

Firewalls that do deep packet inspection will flag this as non-HTTP and may react. Paranoid corporate-types don't want you running SSH over port 80 so you can tunnel out of their network policy framework.

However, run-of-the-mill Linksys/D-Link/Netgear commodity-grade firewalls generally don't have such features. Especially on outbound.

sysadmin1138
  • Good point. It is only the client's outbound request that could be blocked. The client's inbound response will be valid JSON, so it should pass through like any other RESTful response. The outbound request will also be in JSON format, just with no HTTP headers. – MindJuice Aug 14 '10 at 01:20
  • @sysadmin, How common is layer 7 filtering for big companies, schools, and airports? – Pacerier Mar 20 '17 at 22:12
  • @Pacerier No idea on public areas like Airports and transit wifi offerings. Hotel internet sometimes blocks VPNs this way. Schools run the full spectrum from 'hey whatever' to 'only these whitelisted sites are allowed'. The bigger the employer, the more likely they are to do this. – sysadmin1138 Mar 20 '17 at 22:48
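
An added example, not posted by anyone in this thread: a simplified Python model of the two behaviours the answers describe, a port-only rule versus an application-layer check that expects an HTTP request line on port 80, applied to the bare JSON request and to the same JSON sent as the body of a POST. The policy names, allowed-port set, message and host name are constructed assumptions; real products classify traffic in their own ways.

```python
import json
import re

# Shape of an HTTP/1.x request line: METHOD SP target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r\n")
ALLOWED_PORTS = frozenset({80, 443})  # constructed outbound policy


def classify_first_bytes(payload: bytes) -> str:
    """Label the first client bytes of a flow as 'http' or 'non-http'."""
    return "http" if REQUEST_LINE.match(payload) else "non-http"


def verdict(policy: str, dst_port: int, first_bytes: bytes) -> str:
    """policy 'port' checks only the destination port; policy 'l7'
    additionally requires port-80 flows to open with an HTTP request."""
    if dst_port not in ALLOWED_PORTS:
        return "block"
    if policy == "l7" and dst_port == 80:
        if classify_first_bytes(first_bytes) != "http":
            return "block"
    return "allow"


def wrap_as_post(message: dict, host: str, path: str = "/") -> bytes:
    """Send the same JSON as the body of a minimal HTTP/1.1 POST."""
    body = json.dumps(message).encode("utf-8")
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/json\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("ascii") + body


# Constructed sample message and host, for illustration only.
MESSAGE = {"op": "move", "x": 3, "y": 4}
RAW_JSON = json.dumps(MESSAGE).encode("utf-8")
WRAPPED = wrap_as_post(MESSAGE, "game.example.com")

if __name__ == "__main__":
    for name, data in (("raw JSON", RAW_JSON), ("HTTP POST", WRAPPED)):
        for policy in ("port", "l7"):
            print(f"{name:9} {policy:4} -> {verdict(policy, 80, data)}")
```
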
0

What issues do you see with using HTTP? There are plenty of people using HTTP for chat servers etc. that have the same sort of behaviour as game engines communicating with servers.

node.js might be a good fit on the server-side for this sort of app.

Another thing to look at would be Google's work on SPDY - http://en.wikipedia.org/wiki/SPDY - Chrome uses it for a lot of communication with Google's properties.

Andy

Andy Davies