Phweb ports and Firewall
Deskin, Bob
Bob.Deskin at Cognos.COM
Mon Aug 29 14:28:29 CDT 2005
It's not a specific port number. When the PHCGI starts, it picks up an available port number that it will listen on. It passes this port number to the Dispatcher which in turn passes it to the PH Web Server as part of the request. If the Dispatcher needs to send a message back to the PHCGI, it can use the passed port number. When the PH Web Server processing is complete, the results page is sent back on the passed port number to the waiting PHCGI that is listening on that port.
Since these ports are going out of the firewall, rather than in, the same security may not apply. One thing that you may be able to do is limit the range of available ports or restrict certain ports to the PHCGI executable.
In the next release, we will have a two-way Dispatcher that allows you to set the port going back out as well as coming in. But that release will not be available until next year sometime.
Bob
-----Original Message-----
From: powerh-l-bounces+bob.deskin=cognos.com at lists.sowder.com [mailto:powerh-l-bounces+bob.deskin=cognos.com at lists.sowder.com] On Behalf Of Etienne Rompré
Sent: August 29, 2005 3:20 PM
To: powerh-l at lists.sowder.com
Subject: Phweb ports and Firewall
Hi to all,
I need to know which ports I need to leave open in the firewall in order to get the dispatcher to speak to the PHCGI.exe
Everything is working perfectly if the server in in the DMZ zone but if I let only the HTTP port, the HTTPS and TCP ports 1601 and 1602, I can't get the results from the dispatcher.
Since the web server is a APACHE server running on Windows, I don't want to let it running on the DMZ. ;) God knows how much I love my Mac OS X machine...
Dispatcher running on a OpenVMS box
PHCGI.exe in a WIN32 box
Cheap Dlink Firewall
Thanks for your input.
--
Etienne Rompré
Email : erompre at kangouroute.net
Site internet : http://www.kangouroute.net/
--
= = = = = = = = = = = = = = = = = = = = = = = = = = = =
Mailing list: powerh-l at lists.sowder.com
Subscribe: "subscribe" in message body to powerh-l-request at lists.sowder.com
Unsubscribe: "unsubscribe <password>" in message body to powerh-l-request at lists.sowder.com http://lists.sowder.com/mailman/listinfo/powerh-l
This list is closed, thus to post to the list you must be a subscriber.
This message may contain privileged and/or confidential information. If you have received this e-mail in error or are not the intended recipient, you may not use, copy, disseminate or distribute it; do not open any attachments, delete it immediately from your system and notify the sender promptly by e-mail that you have done so. Thank you.
More information about the powerh-l
mailing list