Http application on non standard port

Hello all,
I am deploying an intranet web application. Its a war file. Can I use port 89 to enable the application for users? Is that port allowed? The application communicates via http on this nonstandard port
Thats a standard port used by "SU/MIT Telnet Gateway".
If at all we have to deploy applications on different ports what port should be used? I am not using websphere, I am using sun web server but I hope someone can answer this ...
My question again, if multiple web applications have to be used on different ports, what unix/window ports should be used? Are there any standard port numbers (such as any number after 1023 etc ..) that we can use?
Thanks in advance

it's a better idea to go beyond 1023. those are usually reserved.
pick one. tomcat uses 8080; weblogic uses 7001. we deploy different instances on weblogic and use other ports (e.g., 7003.) it's a deployment issue.
talk to your web server admin - they should know how to do it.
if you're the admin - go read some books.
%

Similar Messages

Using the CSM to setup a HTTPS session on non-standard ports?

Hi Guys,
One of our clients wants to setup an SSL connection on a non-standard SSL port i.e. 4444 to begin with. Here the sever handles the SSL encryption / deccryption) instead of the SSL module.
I've found the following config to work well:
serverfarm FARM-MOBS-4444
nat server
no nat client
predictor leastconns
failaction purge
real 130.194.12.81 4444
inservice
real 130.194.12.84 4444
inservice
probe MOBS-4444
sticky 108 netmask 255.255.255.255 timeout 60
vserver VMOBS-PROD-4444
virtual 130.194.11.51 tcp https
serverfarm FARM-MOBS-4444
sticky 60 group 108
persistent rebalance
inservice
With the above setup the CSM redirects the SSL connections (recieved on 443) to port 4444 on the sever and maintains this for the duration of the session.
While the above setup works, is it possible to configure the VIP to use a HTTPS port other than 443 (which is default)? This would then allow for separate HTTPS paths to be setup on non-standard ports. I ask this since the client also wants to setup a HTTPS path on port 4443 as well.
Any ideas would be useful.
thanks
Sheldon

Hi Martin,
Do you mean using the SSL module to perform the encryption / decryption? If so i've tried this and it does work without an issue.
I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.
thanks
Sheldon

HTTP Optimization on Non-Standard Port

I was wondering if anyone else has noticed something similar to what I am seeing.
We have a WAAS setup running 4.1.5a. It has been working very smoothly but I've noticed something odd
regarding HTTP optimization. All users trying to access the Internet must use a proxy-server on HTTP port 9090.
The WAAS does a good initial job of optimization on small amounts of traffic (under 2MB's, not exact just an observation)
the optimization can be upwards of 80-90%. However, if a large file transfer is done the amount of optimization drops to almost
nothing and at times it is slightly negative.
However, there are internal servers users access on HTTP port 80 and the optimization on all the traffic averages around 70-90%.
Would anyone have an idea as to why this might be?
Thanks....

Hi James,
I would expect overall lower compression ratios for content coming from the Internet, since the content types are more likely to vary (YouTube, etc.) versus intenally hosted content.
Can you post a copy of the 'sh stat app Web' so I can look at the statistics?
Thanks,
Zach

Http probe on non-standard tcp port 8021

I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
CSM v2.3(3)2
probe 8021 http
request method head
interval 2
retries 2
failed 4
port 8021
serverfarm TEST
nat server
no nat client
real 10.1.2.101
inservice
real 10.1.2.102
inservice
probe 8021
vserver TEST
virtual 10.1.2.100 tcp 8021
serverfarm TEST
replicate csrp connection
persistent rebalance
inservice
VIP and real status:
vserver type prot virtual vlan state conns
Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
real server farm weight state conns/hits
10.1.2.101 TEST 8 PROBE_FAILED 0
10.1.2.102 TEST 8 PROBE_FAILED 0

you need to specify what HTTP response code you expect.
The command is :
gdufour-cat6k-2(config-slb-probe-http)#expect status ?
<0-999> expected status - minimum value in a range
The default is to expect only 200.
This is why your 403 is not accepted.
Gilles.

Version 8 blocks http on non standard ports i.e. 8080

Version 7 handled http on both port 8080,8081 and 8082 but only text is passed after version 8 update. Is there a way to re-enable http on non standard ports? If you save the text file to the desktop and load it from there the html is processed correctly? Is there a directive besides "html" that could be place on the web pages to force html rendering on the odd ports. Version 8 works with port 4135 from Jefferson labs speed test.

See:
*http://www.mozilla.org/projects/netlib/PortBanning.html
*http://kb.mozillazine.org/network.security.ports.banned.override

Reverse proxing on non-standard ports

Hi,
I want to create a new Reverse proxy mapping between an application and a GlassFish instance running on non standard port (not 80 / 443). Creating a mapping for HTTP works fine, but I can't find a way to map both the http and the https ports to the mapping.
I have an application SecurityTest running on instance
http://links.mycompany.com:38081/rsd/SecurityTest
https://links.mycompany.com:38182/rsd/SecurityTest
I want a mapping for the application
http://www.mycompany.com/rsd/SecurityTest/ -> http://links.mycompany.com:38081/rsd/SecurityTest
https://www.mycompany.com/rsd/SecurityTest/ -> https://links.mycompany.com:38182/rsd/SecurityTest
The application is more or less a hello world servlet that is secure (form login) so it switch from HTTP to HTTPS when not logged in to ask for the username / password. Mapping to the http port works for the public page, the redirect gives an error:
Gateway Timeout
Processing of this request was delegated to a server that is not functioning properly.
Can anyone tell me how to configure the Web Server to make it work?
thanks

Hi,
I still get the same error:
[12/Nov/2007:14:34:50] failure (16473) rsdts.mycomp.com: for host i78473.mycomp.com trying to GET http:/lidip/, service-http reports: HTTP7765: error reading response header (Server closed connection)
And:
Bad Gateway
Processing of this request was delegated to a server that is not functioning properly.
I don't get any logs on the other side...

CSS 11501 ftp server setup problem using non-standard port

Dear Expert,
we would like to setup FTP server over CSS where our member sever use non-std-port to open both control/data channel (i.e. 6370 as ctrl and 6369 as data this case.) but seems we only get Passive mode FTP mode work only but not for Active mode FTP case for data channel establishement for server back to client...is there any professional advise can help on this case...? here is our setup info FYI
# sh ver
Version:               sg0820501 (08.20.5.01)
Flash (Locked):        08.10.1.06
Flash (Operational):   08.20.5.01
Type:                  PRIMARY
Licensed Cmd Set(s):   Standard Feature Set
                       Secure Management
CVDM Version:          cvdm-css-1.0_K9
!*************** Global
ftp data-channel-timeout 10
ftp non-standard-ports
!************************** SERVICE **************************
service ftp_ftpgtw
keepalive maxfailure 2
keepalive frequency 15
keepalive retryperiod 2
keepalive type tcp
ip address 192.168.52.170
protocol tcp
keepalive port 6370
port 6370
active
# sh run group drfusegtwftp_grp
!*************************** GROUP ***************************
group gtwftp_grp
vip address 192.168.52.28
add service ftp_ftpgtw
active
content ftp_gtwpkg-ftpgtw
    add service ftp_ftpgtw
    vip address 192.168.52.28
    port 21
    protocol tcp
    application ftp-control
    active

Thanks for your confirmation on no prob found in config level 1st..:P..as to save us a lot of time in isolating problem at this level.
What we can notice is seems the data port connection is fail to open for server back to client....for our general sense..... the flow expected should be:
TCP session A -- Client:1234 --> VIP:21 --> member svr:6370
TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 6379 [on demand generated between server/client]
but we can only see session B fail to setup when client side access VIP site on CSS..even we try to put the most standard case as below
TCP session A -- Client:1234 --> VIP:21 --> member svr:21
TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 20
we still unable to make the Active mode FTP access work either...hence we got no idea on how CSS handle FTP access when it involve services over multiple tcp ports..
and from CSS xlate view...the problem is we can only see what NAT IP that used in CSS connect to client...but no way to confirm for which port for VIP using outgoing to client. neither it is dropped by CSS..nor it is never setup from VIP to Client side.

Does it Possible? Double non standard-port FTP servers on PAT?

Hello everyone!
I need to know how to configure 2 ftp servers for following topology on pic.
non standard ports
I can do translation on 1 ftp server (http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13776-6.html)
but when I am trying to add second FTP server I get following:
#ip nat inside source static 192.168.1.129 46.229.139.130
% similar static entry (192.168.1.236 -> x.x.y.y) already exists
Thank you.

Hello Jody.
That's is great! Thank you! Just added couple "ip nat service" and now working!
Also I noticed one thing.. 2 FTP servers is NAS Synology and that FTP servers have been configured slightly different. Look at the screenshot. With checked box "Report external ip in PASV mode".
When FTP server with marked box it's doesn't work.
When FTP server with unchecked box it does work.
I've noticed that different and fixed it.
Very interesting in the reason of that difference.

CFHTTP GET using non-standard ports

I have an application which goes out and checks links on
various servers to verify that the link still exists, however I
have a few links on servers that use non-standard ports (ie 8001,
7072, 8080, etc). When I dump CFHTTP I get the following:
struct
Charset [empty string]
ErrorDetail I/O Exception: Premature EOF encountered
Filecontent Connection Failure
Header [undefined struct element]
Mimetype Unable to determine MIME type of file.
Responseheader struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES
Any ideas?
Thanks.
Mike

Yup, FaceTime was set up on all devices using my home network. It functions correctly pretty much everywhere except on my internal network at the office.
I'm pretty sure this is a firewall issue, not a basic FaceTime problem.

How can ftp service on non-standard port be load balanced using Cisco ACE.

How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port

Hi Samarjit,
you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
Regards
Abijith

Terminal: Stored Remote Connection with non-standard Port?

Hi,
I am new to MacOS and I am amazed by the integrated terminal. However, I sometimes need to connect to servers which use a non-standard SSH port, for example, 2020. I know that I can manually connect, but for convinience, I'd like to have a saved remote connection including the non-standard port. Is this possible somehow?
Thanks,
Felicitus

I did some experimentation, using Terminal.
Terminal -> New Remote Connection -> Service -> [+]
now enter your own new service which includes
/usr/bin/ssh -p 50022
I found I had to enter a bonjour entry to get it to accept my new service, but once I did, I was able to use that new service with the custom -p 50022 port value.
Your mileage may vary. I still prefer iTerm.
Oh yea. In the future, Terminal and Unix oriented questions are better asked in the Mac OS X Technologies > Unix Forum
<http://discussions.apple.com/forum.jspa?forumID=735>

In FireFox 9, loading secure web pages running on non-standard ports works just fine. In FireFox 10, those same pages do not load and a "The connection was reset" message is displayed.

How can this be fixed so functionality returns as per FF9 and below?
This occurs on any secured website running on a non-standard port, with FF10.

< X-Post from https://support.mozilla.org/en-US/questions/917315#answer-315144 >
I don't think this is restricted to Firefox. I've noted this behaviour with IE9, Firefox 10.0.2, Opera Mobile (on my phone) and Chrome(latest version) with my Linksys E3000 router (I access it from https://<IP>) and my 3ware RAID card management suite, 3DM2 (I access it from https://localhost:888 ).
Notably, the only thing amiss that I've been able to see in the certificates (I'm no expert) is that the one from Linksys has issue and expiry dates in 1969 and 1970 respectively. However, I don't think this is the cause since 3DM2 has proper looking issue dates and has the identical problem.
Coincidentally, I noticed this happening after a fresh reinstall of Windows 7 x64 with virtually nothing installed on it (FF, Office 2007), so I don't think it's something wrong with the other software on the machine.

How to use non-standard port for vnc?

Our Windows users who use RDC to connect to their desktops from off-site come in on a non-standard port number. Part of our security setup.
I'd like to do the same with Mac users who use screen sharing and vnc to connect remotely.
How can I specify another port number at both ends to accomplish this?
I can find nothing in the Network Utility app, or in the KB.
Surely there's a short sequence of Terminal commands that will do this?

I haven't tried this so don't know whether it will work. But I think it will. Presuming the target machine is a Mac, see if editing its /etc/services file will do it. Find the two lines that start with "vnc-server" and change the port number there. Launch Terminal.app as an administratively privileged user, sudo pico /etc/services, ^w to search for vnc-server, make the changes, ^x to exit, y to save and overwrite. Also, you will need to have screen sharing enabled in the target machine's System Preferences' Sharing, and the authorized users defined there, too. Reboot. Now, on the remote client, assuming it is also a Mac, the user would type ⌘k in the Finder (or mouse to Finder > Go > Connect to Server), and enter something like vnc://123.45.67.89:55900 where you substitute the actual IP address or host name for where I have entered 123.45.67.89, and where you substitute the actual alternate port number where I have entered 55900. Of course, in the clients' Screen Sharing's Preferences, they should choose to encrypt the entire session, not just the login. Like I said, I haven't tried this because I just tunnel my vnc stuff through ssh, but I'm thinking that this should work.

Accessing websites running on non-standard ports or with self-signed ssl certs?

I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
Anyone else noticed this?

If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
That's why it's generally recommend to go the route of using a well-know public CA as they are alreay included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
In the second case, the ASA's identity certificate itself would have be installed on the client since it (the ASA) is essentially acting as it's own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

Isakmp peers using non-standard port 4500

Hello,
I have a remote site using the Internet to access corporate networks over IPSEC. Set-up is as below:
Remote Router uses public IP across internet --> hits corporate untrusted nework FW --> NAT'ed to private 10.x.x.x IP --> reaches trusted network router.
The problem is that the peer keeps hanging and the only way to reset it is to issue 'clear crypto session' on the central trusted router. I have added isakmp keepalives with the aim of forcing some keepalive traffic:
crypto isakmp keepalive 90 30 periodic
...and this works to some degree (with DPD are u there keepalives). However I have noticed that the far end router uses non-standard ports when trying to set up phase-1 tunnel:
BEVRLY_D_CR184_01#sh crypto isa pee
Peer: 161.x.x.x Port: 4500 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10456 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10554 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10557 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10580 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10589 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10596 Local: 77.x.x.x
Phase1 id: 10.2.0.92
Peer: 161.x.x.x Port: 10600 Local: 77.x.x.x
Phase1 id: 10.2.0.92
These ports (non-4500) will be blocked by our firewalls. Why does it use these, and is there a way of stopping the router using anything other than port 4500?
Thanks
Phil

Hello,
Yes - there's NAT at the trusted central router end our side of the firewall... the config used is below:
Remote Router end:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 180
crypto isakmp key address
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 90 30 periodic
crypto ipsec security-association idle-time 300
crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
crypto ipsec profile VTI
set security-association lifetime seconds 1800
set transform-set BEVERLEY_Transform
interface Tunnel1
description BEVRLY_CC296_01 F0/8 (10.30.45.29)
ip address x.x.x.x 255.255.255.252
ip helper-address 10.91.6.30
ip helper-address 10.4.162.92
ip mtu 1400
ip ospf message-digest-key 1 md5
load-interval 30
tunnel source Dialer1
tunnel destination
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
Central Router:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 180
crypto isakmp key address
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 90 30 periodic
crypto ipsec security-association idle-time 300
crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
crypto ipsec profile VTI
set security-association lifetime seconds 1800
set transform-set BEVERLEY_Transform
interface Tunnel1
description link to Beverley via internet (BEVERLY_CR184_01 Tun1)
ip address x.x.x.x 255.255.255.252
ip mtu 1400
ip ospf message-digest-key 1 md5
load-interval 30
tunnel source FastEthernet0/1
tunnel destination
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
I believe the DPD keepalives ensure NAT is known and compatible (crypto isakmp keepalive 90 30 periodic) between the peers....
Any help gladly appreciated....
thanks
Phil

Http application on non standard port

Similar Messages

Maybe you are looking for