Do firewalls block non-HTTP traffic on port 80?

Question

Can anyone confirm that using a persistent outgoing TCP connection on port 80 will not be blocked by the vast majority of consumer firewalls?

That has been the assumption, based on the fact that HTTP runs over TCP, but of course it is theoretically possible to analyze the packets. The question is: do most CONSUMER firewalls do this or not?

Recommended answer

The feature is called ALG, Application Layer Gateway. This is where the firewall is aware of and perhaps even participates in an application protocol.

There are two main reasons a firewall may do this:

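  • Protocol support: to support the protocol it is necessary to snoop on or participate in it, e.g. opening additional ports for non-passive FTP or media ports for SIP + SDP
  • Additional security: an ALG can act as a transparent proxy and filter protocol commands and actions to enforce policy, e.g. blocking the HTTP CONNECT method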

ALGs have been a common feature of stateful firewalls for many years, though often the source of instability.

For security proscriptive environments expect HTTP to be validated and filtered either by a firewall or other dedicated policy enforcement appliance.

Residential broadband routers do not tend to have advanced firewall features. I would be surprised to find any with HTTP validation / filtering on port 80.

Personal software firewalls come in two flavours, basic and advanced. Most consumers will have a basic one that probably comes with their operating system and will not do any HTTP validation / filtering.

However, there is a rising trend in antivirus product differentiation of advanced internet content filtering for threat protection; there is a significant possibility these may filter HTTP activity (but it is difficult to determine with certainty from their Feature Lists).
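
The kind of check an HTTP-validating ALG applies to a new port-80 connection, as an added example that is not part of the original answer: it accepts only a well-formed HTTP/1.x request head and applies the CONNECT-blocking policy the answer mentions. The function name, verdict strings, 8192-byte limit and sample payloads are assumptions constructed for illustration.

```python
import re

TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"      # RFC 9110 token characters
REQUEST_LINE = re.compile(rb"(" + TOKEN + rb") [\x21-\x7e]+ HTTP/1\.[01]")
HEADER_LINE = re.compile(TOKEN + rb":[^\r\n\x00]*")
PARTIAL_LINE = re.compile(rb"[\x20-\x7e]*\r?")  # could still become a request line
BLOCKED_METHODS = {b"CONNECT"}                 # policy example from the answer
MAX_HEAD = 8192                                # assumed cap on request line + headers


def alg_verdict(data: bytes) -> str:
    """Verdict for the client bytes seen so far on a new port-80 connection."""
    if len(data) >= MAX_HEAD and b"\r\n\r\n" not in data[:MAX_HEAD]:
        return "drop:not-http"
    head, end, _ = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if len(lines) == 1 and not end:
        # Request line incomplete: wait only while it is still plausible text.
        return "need-more-data" if PARTIAL_LINE.fullmatch(head) else "drop:not-http"
    m = REQUEST_LINE.fullmatch(lines[0])
    if m is None:
        return "drop:not-http"
    if m.group(1) in BLOCKED_METHODS:
        return "drop:method-blocked"
    # Until the blank line arrives the last header may be partial, so skip it.
    headers = lines[1:] if end else lines[1:-1]
    if not all(HEADER_LINE.fullmatch(h) for h in headers):
        return "drop:bad-header"
    return "allow" if end else "need-more-data"


# Constructed first payloads (not captured traffic).
SAMPLES = {
    "http-get": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "http-connect": b"CONNECT example.test:443 HTTP/1.1\r\nHost: example.test:443\r\n\r\n",
    "ssh-banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "tls-hello": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "partial-get": b"GET /index.html HT",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:13} {alg_verdict(payload)}")
```

A device without this kind of inspection sees all five payloads as ordinary TCP to port 80, which is the distinction the question turns on.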
