From: Dave Taht <dave.taht@gmail.com>
To: "Toke Høiland-Jørgensen" <toke@toke.dk>
Cc: "cerowrt-devel@lists.bufferbloat.net"
<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Comcast specific Cerowrt-3.10.26-7: another "too exciting for me" unrelease
Date: Fri, 24 Jan 2014 17:27:52 -0500
Message-ID: <CAA93jw7kwqGs2cATRD7XiXzke30kbUxBN4=ZU+uzdsuP3e3yxA@mail.gmail.com>
In-Reply-To: <13b6a42d-47ca-4b1b-b3e8-a7ae8ba0809f@email.android.com>

On Fri, Jan 24, 2014 at 5:08 PM, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
>> the biggest problem people have had is the switch to https vs http
>> for the gui, their webbrowsers' cache rewrite the url back to http,
>> and lighttpd,
>> unlike apache, doesn't give any sign as to why the connection is
>> not working.
>>
>> remember: https://gw.home.lan:81 from now on...
>
> How about moving the HTTPS listener to a new port, and keep the http listener on port 81, but having it redirect unconditionally to the new address?

Great, now I gotta know :XX. :). IMHO the temporary pain of your web
browser rewriting urls for you once, is better than sticking a pair of
redirects into the system, but I could be persuaded otherwise.

It does open the question of "why use a specialized port for
configuration at all"? In an ipv6 world we have restored e2e
connectivity, and that makes it possible for random arbitrary boxes on
your network to be providing a useful web based service, which is a
good thing...

and also, suddenly every device with a web server on it on 80 and 443
is vulnerable, ranging from your printer to your fridge.

Now we can arbitrarily block port 80/433 across ingress to the network
(which I fear is what will happen), or we can move devices containing
sensitive info to their own port range which can be treated more
sensibly.

So how 81 happened was I went through /etc/services and saw that 81-87
had apparently never been allocated.

A "config port" seemed sane, thus 81 for the administration gui, and 80
and 443 for their normal uses. I might argue that there should be an
industry standard for a "config port" that has different behavior than
normal ports, by definition listening only on the local network, for
example... or limiting hop count... this is the sort of behavior that
bind has by default.

>
> -Toke
>
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
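
An added example, not part of the original message and not CeroWrt code: the two "config port" behaviours floated above (listening only on the local network, limiting hop count) expressed with Python sockets. The `LOCAL_NETS` prefix list and the function names are assumptions made for illustration; a router would take its prefixes from its own interface configuration.

```python
import ipaddress
import socket

# Assumption: these prefixes stand in for "the local network". A LAN using
# globally routable IPv6 would add its own delegated prefix here.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7")]


def is_local_peer(addr: str) -> bool:
    """True if addr falls inside one of LOCAL_NETS."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d seen on dual-stack sockets
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def make_config_listener(bind_addr: str, port: int = 0) -> socket.socket:
    """Listen on one LAN address only, with outgoing hop count capped at 1."""
    ip = ipaddress.ip_address(bind_addr)
    if ip.is_unspecified:
        # 0.0.0.0 / :: would also expose the port on the WAN side.
        raise ValueError("refusing wildcard bind for a config port")
    family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
    s = socket.socket(family, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Packets sent from this socket carry TTL / hop limit 1, so a router
    # discards them instead of forwarding them off the local link.
    if family == socket.AF_INET6:
        s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, 1)
    else:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, 1)
    s.bind((bind_addr, port))
    s.listen(8)
    return s


def accept_local(listener: socket.socket):
    """Accept one connection; close it and return None if the peer is not local."""
    conn, peer = listener.accept()
    if not is_local_peer(peer[0]):
        conn.close()
        return None
    return conn
```

The source-address check and the hop limit are independent controls: the first rejects peers outside the listed prefixes, the second keeps the service's own packets from crossing a router even if the prefix list is wrong.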