Archive of UserLand's first discussion group, started October 5, 1998.

Re: Firewalls, Hooray

Author:William Crim
Posted:5/5/2000; 2:37:06 PM
Topic:scriptingNews outline for 5/5/2000
Msg #:17017 (In response to 17012)
Prev/Next:17016 / 17018

Pike generally will not work if you are using your computer from behind a "firewall" and trying to author for a site that is outside the firewall. This is the reason your organization runs firewall software, to prevent you from doing the kinds of things Pike does.

This seems a gross simplification of what a firewall is for. Also the "prevent you from doing the kinds of things Pike does." doesn't say what it is that Pike is doing that violates most firewalls. There are all sorts of reasons to restrict incomming http requests, and this statement(and the rest of the message) gives the user no clue as to why a sysadmin might want to restrict Pike, or why Pike falls into the same class as restricted programs.

That does not mean that Pike is dangerous, we don't believe it is, but your server system administrator wants to know what you're doing, so by putting the firewall up, he or she makes sure to be in the loop as you start using your desktop computer for new things.

Or it could be that the sysadmin put up a firewall to screen out a whole range of attacks from script-kiddies. It could also be that the sysadmin can't be sure that all the computers are patched against attack, so he limits outside access to those machines. Or it could be they are using Network Address Translation(a VERY VERY common use for firewalls) because their site doesn't have the $$$ to pony up for more IP addresses. There are many reasons to have a firewall, but few of them have to do with monitoring users.

I would rewrite the text of the first portion as so...

Pike generally will not work if you are using your computer from behind a "firewall" and trying to author for a site that is outside the firewall. Pike talks to your web server.  However, sometimes the server needs to talk to Pike, and this is the part of Pike firewalls usually block.  


That does not mean that Pike is dangerous, we don't believe it is, but firewalls often block incomming connections for security reasons, which may be happening in your case.  Sometimes network administrators can allow these requests to pass through if your network supports it. 


So, if you're having trouble using Pike and you suspect it's because of a firewall (or if a UserLand person has told you it's a firewall issue), please ask your sysadmin to read this page. Thanks!

This gives the user more information, and doesn't make assumptions about the motivations of the admins, only the operation of the firewall.

In the case of Network Address Translation(one external IP for many internal IPs), there is nothing the firewall admin can do to fix it(unless there is only one possible Pike user on their network). If the server response were to ride back along the same request that made it, it would work. But from what I get in the Pike DG, the server attempts to connect to Pike, rather than keep the initial Pike connection open and replying down the same open connection.

There are responses to this message:

This page was archived on 6/13/2001; 4:55:05 PM.

© Copyright 1998-2001 UserLand Software, Inc.