Correction: anything over 1024 that isn’t afaik 1194 (Rojo already uses something above that but I don’t remember from the top of my head)
3 Likes
This change is doing the reverse. All ports above 1024 will still be allowed. Rojo uses 34872 by default and should be unaffected.
5 Likes
I’m not saying that I run Rojo on these ports, all I’m saying is that it doesn’t affect Rojo at all. Many services allow you to change the port as you please, having configurations by default for them.
Ah, wait maybe I did misread it, as long as it means I don’t have to reconfigure projects I’m fine with it. I personally do think its better to block certain ports as it is a security risk.
1 Like
I think people are misreading this.
Ports 0-1023, and port 1194 will be blocked.
Ports 1024-65535 will not be blocked (with the exception of 1194).
This does not affect Rojo users using the default Rojo settings. Rojo uses port 34872 by default, and is therefore not affected.
Ports 80 and 443 will remain accessible. These are the default ports for “http://” and “https://” connections (including localhost).
26 Likes
Does this mean that these ports will be blocked throughout the platform or just through HttpService?
This won’t affect Rojo, as Rojo uses 34872 by default (which is above 1024)
1 Like
I’m sort of confused by the difference? The only way to do http requests is via HttpService - so effectively yes.
@Reinitialized I sort of suspect this is to prevent abuse via Roblox servers; doubt it has anything to do with making Roblox’s servers more secure.A whitelist system would defeat the point of that.
Maybe it’s to meet web standards, as this service should just be used for Http Requests alone.
This should be at least toggleable, some developers might need other ports for certain stuff,.
I guess this makes sense, as we can usually configure what ports we use but idk. ¯_(ツ)_/¯
1 Like
How exactly will you be contacting us? Via Roblox messages? And, if there is a game tied to a group that needs this change, will the group owner be contacted?
2 Likes
For what exactly? These are all reserved, privileged ports that you shouldn’t be using for http. If you are, then that’s not Roblox’s fault that you are using bad port mappings. Many cloud providers block a bunch of these ports too for abuse reasons.
5 Likes
This seems fine? If you’re using low ports you likely have to be following some specific protocol anyway, e.g. FTP, which is gross or perhaps impossible to do with HttpService
HttpService is meant for the HTTP protocol. If there are major use cases for other protocols, there should be a service specifically meant for that, wherein Roblox can securely control how it is used.
10 Likes
for whose security is this update? roblox’? the http server’s?
This will negatively affect me as I request to my own private apis in some cases on certain ports. Now with this change I’ll need to set up multiple virtual servers with reverse proxies which introduces unnecessary overhead on my machines.
Why are you using sub 1024 ports? This requires root permission.
1 Like
Oh I read the post wrong. I thought they were blocking all ports except those before 1024. My mistake.
1 Like
Ports are connections into a server each port is used for a different task they are simply blocking you from entering the servers from these ports.
Is there a compelling reason for port 0 to be blocked or is it just to be consistent?
1 Like
Who’s using OpenVPN on Roblox? Is there any specific reason for blocking that port exclusively and not other VPN protocols like Wireguard ( 51820)
7 Likes