IP Ports

From GridSiteWiki

Well known and Registered IP Ports are defined by IANA (http://www.iana.org/) in their Port Numbers (http://www.iana.org/assignments/port-numbers) document. GridSite uses the HTTP family of protocols, and this involves ports for HTTP and HTTPS.

The vast majority of deployed webservers operate on the relevant well known ports. However, there is a reluctance at many computing centres to allow outbound access to TCP port 80 (HTTP) and TCP port 443 (HTTPS) from farm nodes, in case these machines are compromised and then used for denial-of-service attacks on prominent websites. Farm firewalls are often configured to block outbound ports 80/443, or only allow them through a web proxy with a corresponding loss of performance.

To deal with this, we propose that GridSite servers listen on 80/443 as standard, but also on port 777 ("multiling-http") for plain HTTP and on port 488 ("gss-http") for HTTPS. It is straightforward to configure the underlying Apache server to listen on multiple ports, using the Listen and VirtualHost directives in httpd.conf:

# Plain HTTP server
Listen 80
Listen 777
<VirtualHost *:80 *:777>
ServerName host.name
</VirtualHost>

# Secured HTTPS server
Listen 443
Listen 488
<VirtualHost *:443 *:488>
ServerName host.name
SSLEngine on
</VirtualHost>

It is then necessary to ensure that clients which are likely to be behind restrictive firewalls use the 777/488 versions of the site.
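One way a client could make that choice is sketched below. This is an added example, not GridSite code: the function names are hypothetical, and it assumes the server answers on 777/488 exactly as configured above. The scheme is never changed, so an HTTPS URL only ever moves to 488 and is not downgraded to plain HTTP.

```python
import socket
from urllib.parse import urlsplit, urlunsplit

# Well known ports and the alternates proposed on this page.
DEFAULT_PORTS = {"http": 80, "https": 443}
ALTERNATE_PORTS = {"http": 777, "https": 488}


def tcp_reachable(host, port, timeout=3.0):
    """Return True if an outbound TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def alternate_url(url):
    """Move a URL on the well known port to 777/488; other URLs are unchanged."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or parts.hostname is None:
        raise ValueError("not an http(s) URL: %r" % url)
    if (parts.port or DEFAULT_PORTS[scheme]) != DEFAULT_PORTS[scheme]:
        return url  # explicit non-standard port: respect the caller's choice
    # IPv6 literals need their brackets restored in the network location.
    host = "[%s]" % parts.hostname if ":" in parts.hostname else parts.hostname
    userinfo, at, _ = parts.netloc.rpartition("@")
    netloc = "%s%s%s:%d" % (userinfo, at, host, ALTERNATE_PORTS[scheme])
    # Only the port changes; scheme, path, query and fragment are kept.
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def choose_url(url, reachable=tcp_reachable):
    """Prefer the well known port; use 777/488 when egress to it is blocked."""
    alt = alternate_url(url)  # also validates the URL
    if alt == url:
        return url
    parts = urlsplit(url)
    if reachable(parts.hostname, DEFAULT_PORTS[parts.scheme.lower()]):
        return url
    return alt
```

The `reachable` parameter lets a site substitute its own policy, for example always returning False on farm nodes where the firewall rules are already known.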