[Cerowrt-devel] Comcast specific Cerowrt-3.10.26-7: another "too exciting for me" unrelease

Dave Taht dave.taht at gmail.com
Fri Jan 24 17:27:52 EST 2014


On Fri, Jan 24, 2014 at 5:08 PM, Toke Høiland-Jørgensen <toke at toke.dk> wrote:
>> the biggest problem people have had is the switch to https vs http
>> for the gui, their webbrowsers' cache rewrite the url back to http,
>> and lighttpd, unlike apache, doesn't give any sign as to why the
>> connection is not working.
>>
>> remember: https://gw.home.lan:81 from now on...
>
> How about moving the HTTPS listener to a new port, and keep the http listener on port 81, but having it redirect unconditionally to the new address?

Great, now I gotta know :XX. :). IMHO the temporary pain of your web
browser rewriting urls for you once, is better than sticking a pair of
redirects into the system, but I could be persuaded otherwise.

It does open the question of "why use a specialized port for
configuration at all"? In an ipv6 world we have restored e2e
connectivity, and that makes it possible for random arbitrary boxes on
your network to be providing a useful web based service, which is a
good thing...

and also, suddenly every device with a web server on it on 80 and 443
is vulnerable, ranging from your printer to your fridge.

Now we can arbitrarily block port 80/433 across ingress to the network
(which I fear is what will happen), or we can move devices containing
sensitive info to their own port range which can be treated more
sensibly.

So how 81 happened was I went through /etc/services and saw that 81-87
had apparently never been allocated.

A "config port" seemed sane, thus 81 for the administration gui, and 80
and 443 for their normal uses. I might argue that there should be an
industry standard for a "config port" that has different behavior than
normal ports, by definition listening only on the local network, for
example... or limiting hop count... this is the sort of behavior that
bind has by default.


>
> -Toke
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


