Tuesday, September 02, 2008

Getting around the Firefox port-blocking annoyance

Firefox 3.x has introduced something I'm sure they call a 'feature', but is a major annoyance for any sysadmin and developer -- they block access to ports other than 80. I thought IE was the only browser that was brain-dead that way, but Firefox has proved me wrong. Anyway, here's a simple recipe for getting around this:

1) go to about:config in the Firefox address bar
2) right click, choose new->string
3) enter the name network.security.ports.banned.override and the value 1-65535
4) there is no step 4


Anonymous said...

Mozilla has had selective port blocking for a long time due to security reasons. It is a good thing, and you shouldn't disable it in your main profile. You should go read the reasons and the specific blocked ports here: http://www.mozilla.org/projects/netlib/PortBanning.html

If you are a developer, first consider if you could use some unblocked port. Second best alternative would be to use a developer profile in which you disable port blocking only for the specific ports you need (you can launch multiple firefox processes with -no-remote option).

Justin Driscoll said...

I've never run into this myself so this was news to me.

It appears they only block a (fairly reasonable) specific set of ports that are used by other protocols: http://www.mozilla.org/projects/netlib/PortBanning.html

If it's any consolation "Allow the user to decide if the blocking is really required." is on the list of "Things to do".

Anonymous said...

Yeah never ran into that either.

Dirkjan Ochtman said...

I regularly connect to port 8000 on my own server, so it seems to me there really isn't much of a problem.

Grig Gheorghiu said...

Sorry, I should have made it more clear that it's *selective* port blocking, not wholesale blocking of any port different from 80. But still, Firefox blocks ports such as 81, 82, etc -- which is a major annoyance in my line of work (we're mapping various Tomcat instances to those ports for example.)


Unknown said...

Thanks for the tip. I use firefox to view Internet cameras on different ports. I unblocked them in v2 but when I upgraded to v3 the ports were blocked again. After issuing the warning firefox should allow the user to continue if they want to.

Austin said...

In Firefox v3.5, network.security.ports.banned.override may not apppear by default in the about:blank list. The key must then be created by right-clicking on any
existing key and creating it.

Anonymous said...

Thanks for this, useful post.

Anonymous said...

Heikki, while I'm find for it being enabled for the masses. I prefer to use the safety mechanisms in my brain. Phishing is a far bigger risk than alternate ports. I've never had users be harmed by alternate port usage, but I've had many harmed by phishing.

Commenting on this old post because it ranks very high when searching for information about this "feature."

Modifying EC2 security groups via AWS Lambda functions

One task that comes up again and again is adding, removing or updating source CIDR blocks in various security groups in an EC2 infrastructur...