Search code examples
phpproxywebsocketclient-serverratchet

Some aggressive proxies will block traffic that isn't on port 80 or 443

The title is copy-paste from the documentation of Ratchet( A PHP library to provide communication between client and server over Websockets).

Some aggressive proxies will block traffic that isn't on port 80 or 443 (not many, research your target audience)

What is the meaning of proxy here? what is the proxy location in the network communication chain? client side? somewhere in the intermediary network? How to know if my audience has this problem. Could someone please explain in layman words what does this mean. I thank you very much in advance for this important notion for me to understand.

Solution

  • Proxy servers are network devices usually placed within corporate and alike networks to control web access. There are two types of proxies explicit proxies and transparent proxies. The first one is where the client application is configured to use using a proxy IP or host and a service port usually 8080, the later is a one where the client application is not aware of and the outgoing traffic is reaching it by sort of policy based routing or using a specialized protocol such as WCCP.

    In either cases the behaviour is the same, you have a device in the network which is doing an application layer access control and usually (Unless configured otherwise) they will allow access to only servers listening on ports: 80 for HTTP protocol and 443 for HTTPS protocol, which are the default service ports for those protocols.

    What the documentation is trying to say, is that you should make your server side service or application to listen to one of those ports to avoid a situation where connections from some clients will get blocked because a proxy server is being utilized in their network.

    Your client might detect if a proxy is being utilized by observing the internet settings > Lan settings on Windows machines:

    internet settings > Lan settings

    For transparent proxies things will be much trickier since the client is not aware of the existing of proxies, in the worst case the transparent proxy would be detected by inspecting a packet capture, you might find authentication requests or some header that usually not present if there is no proxy in the network.