I need to use an instance of HttpListener to get a device's User-Agent string (along with a few other custom HTTP headers), but I'm bumping into several walls (quite literally).

The first problem, which I'm not going to care about until the second problem is solved, is that HttpListener requires administrator privileges while the rest of my app doesn't.

The second problem is that Windows Firewall blocks all traffic to my app. This is obviously a big issue. I can't shamelessly ask my users to turn off their firewall (they might not even know how), and I can't add an exception using code. I understand the security implications for granting access to code that accepts commands from the outside world, but it is my only option.

What should I do?

EDIT I should mention that I've tried to listen on port 80 but that didn't work either. I can make the device connect on any port or address that I want to so that's nothing to worry about.

EDIT2

I'm playing with the idea of using a separate webserver that takes a simple GUID as an argument, stores the HTTP header information in a database and serves it back to my app when requested. This solves both problems by moving all hosting and parsing logic to an entity that I control; the client will only need to use HTTP GET requests. Does this seem like overkill to anybody?

EDIT3

Right now I've -sort of- solved it by temporarily adding firewall exceptions by calling netsh

    ' Needs "Imports System.Diagnostics" at the top of the file.
    Private Const Port As Integer = 55748

    Private Shared Sub AddException()
        DeleteException() ' to prevent duplicates

        ' netsh advfirewall only succeeds when the process is elevated
        Using netsh As New Process()
            netsh.StartInfo.FileName = "netsh"
            netsh.StartInfo.Arguments = "advfirewall firewall add rule name=""MyApp"" dir=in action=allow protocol=TCP localport=" & Port.ToString()
            netsh.StartInfo.WindowStyle = ProcessWindowStyle.Hidden
            netsh.Start()
            netsh.WaitForExit() ' the rule must exist before the listener starts
        End Using
    End Sub

    Private Shared Sub DeleteException()
        Using netsh As New Process()
            netsh.StartInfo.FileName = "netsh"
            netsh.StartInfo.Arguments = "advfirewall firewall delete rule name=""MyApp"" dir=in protocol=TCP localport=" & Port.ToString()
            netsh.StartInfo.WindowStyle = ProcessWindowStyle.Hidden
            netsh.Start()
            netsh.WaitForExit() ' finish the delete before a following add runs
        End Using
    End Sub

And my actual calls look like this

    Public Shared Function GetDeviceInfo(ByRef device As Dune) As DeviceInfo
        Dim info As DeviceInfo = Nothing
        AddException()
        Try
            ' HttpListener magic happens here
        Finally
            DeleteException() ' close the hole even if the listener throws
        End Try
        Return info
    End Function

This way there will be a temporary hole in the firewall to let me do my work. Still, someone should have a better idea...

Steven Liekens
  • On which port are the clients trying to connect to the instance of HttpListener? It seems like clients are using some other port rather than the standard port 80 for HTTP communication, and hence the firewalls are blocking the communication. – Deepansh Gupta May 03 '12 at 03:59
  • I've tried again on port 80 as soon as I found out that my firewall was blocking requests, but that didn't change anything. I've updated my question. – Steven Liekens May 03 '12 at 04:07
  • Some firewalls only allow outgoing connections for port 80 while others allow both incoming as well as outgoing connections for port 80. Just check if the firewall in your dev environment is blocking incoming connections from clients on port 80. – Deepansh Gupta May 03 '12 at 07:17
  • @DeepanshGupta How would I do that? This code is supposed to run on client machines so I can't make it target a specific firewall. (Even that would probably be a huge pain with firewall versions changing over time) – Steven Liekens May 03 '12 at 08:16
  • If you were going to detect and poke a hole in the firewall (pretty common for server daemons), I'd recommend you target the Windows firewall, and do the hole poking in the installer. They have APIs for that. If they have a third-party firewall, the thing will most likely have a UI that auto-detects your listen-port activation, and pops up a dialog for the user. If they're using anything other than Windows Firewall, you can consider them a power user, and just provide docs with your program and/or on your web site to tell them what ports to open... – Merlyn Morgan-Graham May 03 '12 at 08:43
  • If you're using WiX: http://stackoverflow.com/questions/3666581/using-firewallexception-api-in-wix-to-apply-setting-to-all-network-profiles-in-w – Merlyn Morgan-Graham May 03 '12 at 08:45
  • As for the admin privileges issue, see http://connect.microsoft.com/VisualStudio/feedback/details/93940/httplistener-requires-admin-priveleges - which links to http://stackoverflow.com/questions/443640/httplistener-start-accessdenied-error-on-vista – Merlyn Morgan-Graham May 03 '12 at 08:48
  • I love the suggestions, but before I start doing hacky stuff: is there maybe something in the WCF API that I can use to replace the HttpListener and avoid the Windows Firewall block? I've never worked with WCF before but it seems to offer what I need... – Steven Liekens May 03 '12 at 09:48
  • This is a little out of the blue, but do you have Skype installed? It defaults to port 80 for incoming connections. This can play havoc with local web servers. Here's how to change it: http://www.mydigitallife.info/disable-skype-from-using-opening-and-listening-on-port-80-and-443-on-local-computer/ – Beachhouse Oct 18 '12 at 14:14
  • Possibly, but my issue was with Windows Firewall. Port number didn't matter too much, it wouldn't run anyway without disabling the firewall. To this day I'm still using the netsh hack and it seems to work fine. – Steven Liekens Oct 18 '12 at 14:46
  • This is a big issue. I'm reluctant to add a firewall exception for the port I'm using. IMHO this is a bad practice. Is there still no solution for that? – Filimindji Sep 01 '14 at 16:05
  • Adding an exception programmatically is not very nice indeed. Perhaps we should look into ways to trigger firewall dialogs that ask the user for permission? – Steven Liekens Sep 03 '14 at 07:13
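A narrower form of the temporary exception discussed in the question and comments, as an added example that is not part of the original post or any comment: the rule is limited to one TCP port, the private and domain profiles, and peers on the local subnet, and it is removed when the `Using` block ends. The class name `TemporaryFirewallRule` is hypothetical, and the example assumes the device sits on the same subnet and that the process is elevated. No `program=` filter is used because HttpListener traffic is accepted by http.sys rather than by the application's executable.

```vbnet
Imports System
Imports System.Diagnostics

' Added example (hypothetical class): a scoped, self-removing Windows Firewall rule.
' Usage:
'     Using rule As New TemporaryFirewallRule("MyApp", 55748)
'         ' start HttpListener, read the headers, stop the listener
'     End Using
Public NotInheritable Class TemporaryFirewallRule
    Implements IDisposable

    Private ReadOnly _ruleName As String

    Public Sub New(ruleName As String, port As Integer)
        _ruleName = ruleName
        RunNetsh(BuildDeleteArguments(ruleName)) ' drop a stale rule; "no match" is ignored
        If RunNetsh(BuildAddArguments(ruleName, port)) <> 0 Then
            Throw New InvalidOperationException("netsh could not add the rule (is the process elevated?)")
        End If
    End Sub

    ' One inbound TCP port, never the public profile, same-subnet peers only (assumption).
    Public Shared Function BuildAddArguments(ruleName As String, port As Integer) As String
        Return String.Format(
            "advfirewall firewall add rule name=""{0}"" dir=in action=allow " &
            "protocol=TCP localport={1} profile=private,domain remoteip=localsubnet",
            ruleName, port)
    End Function

    Public Shared Function BuildDeleteArguments(ruleName As String) As String
        Return String.Format("advfirewall firewall delete rule name=""{0}""", ruleName)
    End Function

    ' Runs netsh without a console window and returns its exit code.
    Private Shared Function RunNetsh(arguments As String) As Integer
        Dim startInfo As New ProcessStartInfo("netsh", arguments) With {
            .UseShellExecute = False,
            .CreateNoWindow = True
        }
        Using netsh As Process = Process.Start(startInfo)
            netsh.WaitForExit()
            Return netsh.ExitCode
        End Using
    End Function

    ' Removes the rule, including when the listener code throws.
    Public Sub Dispose() Implements IDisposable.Dispose
        RunNetsh(BuildDeleteArguments(_ruleName))
    End Sub
End Class
```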

0 Answers