4

We have developed an app in python and are using flask to expose its api via http requests.

  • all this on WINDOWS -

Everything works ok and we have tested in-house with no problems and we are now trying to use the app in the real world - we have gotten our IT dept to give us a public facing ip/port address (forwarded through a firewall ??) and now we can't access the server/app at all.

After a bit of digging, we've found the problem has something to do with the Windows Firewall configuration, when its on it won't work, when its off everything is fine.

the flask app code is run like so: app.run(debug=False, host='0.0.0.0', port=8080) the port 8080 is setup in the Firewall Exceptions as is python.exe in the Program Exceptions

netstat -a shows the app is sitting there awaiting connection.

If I try to access the site though chrome I get the error: ERR_CONNECTION_TIMED_OUT.

With the firewall on i'm never seeing any "hits" come through to the app at all.

Is there some other configuration I'm missing?

Many thanks.

push 22
  • 1,172
  • 3
  • 15
  • 34
  • 1
    First off-- it looks like you're trying to use the Flask debug server as a production server. That's a bad idea, it's designed just for development and has limitations that make it a bad choice for a production environment. mod_wsgi with Apache is probably the best choice for Windows. – Doobeh Sep 30 '14 at 00:04
  • On the firewall point, I don't have a Windows computer to hand-- but rather then unlocking the service, is it possible to just add an inbound rule on the actual port your care about to allow it through? – Doobeh Sep 30 '14 at 00:05

2 Answers2

3

When running Flask from a windows machine with a firewall I open a port with the following commands:

netsh firewall add portopening TCP 8080 "MyAppName"
netsh advfirewall firewall add rule name="MyAppName TCP Port 8080" dir=in action=allow protocol=TCP localport=8080
netsh advfirewall firewall add rule name="MyAppName TCP Port 8080" dir=out action=allow protocol=TCP localport=8080

It work for me. Is it too much? I don't know as I am not a Firewall guru :(

Cabu
  • 514
  • 2
  • 5
  • 15
1

When running as a service the program running the service is not python.exe but rather pythonservice.exe. You will have to add that to the allowed programs in the Windows Firewall Setup. In my case it is located under C:\Python33\Lib\site-packages\win32\pythonservice.exe.

Jeffrey Bosboom
  • 13,313
  • 16
  • 79
  • 92
blitzkopf
  • 21
  • 3