Port Restrictions for HttpService

Maybe it’s to meet web standards, as this service should just be used for Http Requests alone.

This should be at least toggleable, some developers might need other ports for certain stuff,.
I guess this makes sense, as we can usually configure what ports we use but idk. ¯_(ツ)_/¯

1 Like

How exactly will you be contacting us? Via Roblox messages? And, if there is a game tied to a group that needs this change, will the group owner be contacted?

2 Likes

For what exactly? These are all reserved, privileged ports that you shouldn’t be using for http. If you are, then that’s not Roblox’s fault that you are using bad port mappings. Many cloud providers block a bunch of these ports too for abuse reasons.

5 Likes

This seems fine? If you’re using low ports you likely have to be following some specific protocol anyway, e.g. FTP, which is gross or perhaps impossible to do with HttpService

HttpService is meant for the HTTP protocol. If there are major use cases for other protocols, there should be a service specifically meant for that, wherein Roblox can securely control how it is used.

9 Likes

for whose security is this update? roblox’? the http server’s?

This will negatively affect me as I request to my own private apis in some cases on certain ports. Now with this change I’ll need to set up multiple virtual servers with reverse proxies which introduces unnecessary overhead on my machines.

Why are you using sub 1024 ports? This requires root permission.

1 Like

Oh I read the post wrong. I thought they were blocking all ports except those before 1024. My mistake.

1 Like

Ports are connections into a server each port is used for a different task they are simply blocking you from entering the servers from these ports.

Is there a compelling reason for port 0 to be blocked or is it just to be consistent?

1 Like

Who’s using OpenVPN on Roblox? Is there any specific reason for blocking that port exclusively and not other VPN protocols like Wireguard ( 51820)

7 Likes

In very simple terms, programs running on a computer can communicate with other computers via the internet, but they need to choose a port. This is so computers know which program to send incoming information to, because otherwise it all just comes into the same place (information is sent over the internet via different protocols - ways of formatting and interpreting data, but it’s all just just raw binary data until a program can interpret it).

Web servers use port 80 and 443 and communicate with protocols HTTP and HTTPS.

This change is to prevent Roblox servers from being able to potentially communicate with unintended programs on other computers on the internet that are not intended for processing regular HTTP traffic (i.e. fetching webpages, or returning data via web API). Roblox only wants to be able to talk to web servers via HttpService, and not e.g. file transfer software or email servers. Your own programs may listen for data on higher ports if you so choose. This is safer because it’s your software, and your software does not necessarily have super high permissions on the computer unless you unwisely give it that permission. More sensitive programs with very high permissions run on the reserved ports Roblox is blocking.

13 Likes

I’m glad you’re leaving high ports unblocked, we use these for debugging and sending stuff to localhost.

I’m guessing this change is also in place so Roblox can start using those ports more frequently.

6 Likes

Port 0 is the only TCP port that is technically not valid for general use (connections). So what happens is that you cannot have a service bound to port 0, let alone connect to port 0.

From a development side (socket programming), port 0 means “doesn’t matter, just pick one that works”. This is generally used when programming clients (not services).

Source: GRC | Port Authority, for Internet Port 0

While I doubt it, does this block connections to Discord?

I don’t think this should block connections to Discord as it listens to HTTPS port (443)

2 Likes

While this change doesn’t affect discord’s webhooks, Discord has started blocking any traffic from Roblox’s servers again as people were not following Discord’s TOS.

2 Likes

2 posts were split to a new topic: Off-topic posts on “Port restrictions for HttpService”

What really was the intended point here? Wouldn’t it have been been better to allow us to manually restrict ports using a non-scriptable CSV property or something, idk, HttpServiceBlockedPorts

Just researched this, looks like it was done to block other server connection types etc. Obviously, Roblox just wants us to connect to only web servers. Of course it could just be proxied but at that point you’ve already done too much.

Also blocking 1194 looks like you’re directly targeting a VPN protocol.

2 Likes