[Solved] Regarding internal port number being exposed on scan

Added by murugesh over 4 years ago

Hello,

This query is related to lighttpd.conf (for 1.4.48 version).

Lighttpd.conf has the following server configuration:
proxy.server = (
    "/app-ui" => (
        "node" => (
            "host" => "127.0.0.1",
            "port" => 8668
        )
    )
)

Here 8668 is the port number which is internal to the application server, but on scanning for open ports, 8668 was exposed to the customer, and it allows login with the URL https://server-ip:8668 instead of the actual URL https://server-ip/app-ui/.

Is there a lighttpd configuration setting to not expose internal ports to the external world (like port scanners)?

Thank you,
Murugesh.


Replies (2)

RE: Regarding internal port number being exposed on scan - Added by gstrauss over 4 years ago

According to the config you have shared, lighttpd is configured to proxy back to 127.0.0.1 port 8668, but lighttpd is not configured to start whatever backend is listening on that IP and port.

Therefore, this is not due to lighttpd in any way.

Instead, it sounds like you have misconfigured the backend daemon to listen on * instead of listening only on 127.0.0.1.
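
A check for the condition described in the reply above, as an added example that is not part of the original thread or of lighttpd: it reads the loopback backend ports out of a `proxy.server` block and flags any listener on those ports that `ss -ltnH` shows bound to a non-loopback address. The sample config and socket listing are constructed, the function names are hypothetical, and the regex assumes `"host"` is written directly before `"port"` as in the post.

```python
import ipaddress
import re

# Constructed sample input: the thread's proxy.server block and made-up `ss -ltnH` output.
SAMPLE_CONF = '''proxy.server = ( "/app-ui" => ( "node" => (
    "host" => "127.0.0.1",
    "port" => 8668
) ) )'''
SAMPLE_SS = '''\
LISTEN 0 511   0.0.0.0:443    0.0.0.0:*
LISTEN 0 128         *:8668         *:*
LISTEN 0 128 127.0.0.1:5432   0.0.0.0:*
LISTEN 0 128     [::1]:9000      [::]:*
'''

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'; wildcards such as '*' are not."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and any %iface scope
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                      # '*' or an unresolved hostname
        return False

def loopback_backends(conf_text):
    """Ports of backends that the config addresses through a loopback "host"."""
    # Assumption: "host" => "...", is immediately followed by "port" => N.
    pairs = re.findall(r'"host"\s*=>\s*"([^"]+)"\s*,\s*"port"\s*=>\s*"?(\d+)"?', conf_text)
    return {int(port) for host, port in pairs if is_loopback(host)}

def exposed_listeners(ss_text, ports):
    """(address, port) of listeners on `ports` bound to anything other than loopback."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # 4th column is Local Address:Port
        if port.isdigit() and int(port) in ports and not is_loopback(addr):
            found.append((addr, int(port)))
    return found

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_SS, loopback_backends(SAMPLE_CONF)):
        print(f"backend port {port} is bound to {addr}, not loopback only")
```

On a real host, pass in the contents of lighttpd.conf and the output of `ss -ltnH`; a hit means the backend daemon's own listen address needs changing, not lighttpd.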

RE: [Solved] Regarding internal port number being exposed on scan - Added by murugesh over 4 years ago

Thank you Gstrauss.

Regards,
Murugesh.
