You might have heard that the major browser vendors were planning to block port 10080 – the port used by Zend Server through ZS 8 (PHP 5.6). Firefox made the first move, then Chrome followed. We have been receiving support requests on this issue since April 2021. Why did the browser vendors block port 10080, and what can you do to get your site working again?
Why browsers are blocking port 10080
The NAT slipstreaming attack is the reason why. Briefly, a malicious website can trick your router into letting the malicious system talk to private services on your network. It works by pretending to send packets from other protocols that require special handling from routers such as SIP. This special handling usually involves opening up additional ports to the internet, as many of these protocols rely on starting additional sessions.
Port 10080 is one of those protocols that involves special handling, due to its use by another protocol. This had the unfortunate effect of affecting Zend Server users who didn’t change their default port.
Symptoms / messages
- Chrome: This site can’t be reached: ERR_UNSAFE_PORT
- Firefox: This address is restricted: This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.
What to do about it
You might be able to configure your browser to override the browser’s 10080 port block, but we have not gotten this override to work, and it could be tedious and error-prone.
Best Approach: Change the web server’s listening port to something other than 10080. For HTTP Server for IBM i (based on Apache), this can be done through the HTTP Administration interface, or by editing
httpd.conf for the instance. Change the port on the Listen directive and any other directives specifying port 10080, such as those for virtual hosts and SSL. If you prefer to retain Listen 10080 to minimize disruption for clients that don’t block that port, you may add an additional Listen statement while leaving the original one running. Either way, when done, end the web server, then restart it.
Before: Listen 10080
After: Listen 10085
The port 10085 is just an example. Choose a port that your users are able to access. Remember to end and restart your web server when done.
If you would like help changing or adding a listening port, let us know.
For more on Apache and IBM i open source