I have a simple Web Socket Server Application (SuperWebSocket) which I use to communicate with JavaScript. The idea here is to allow a local application to communicate with a browser. I'm developing this application for Windows 7 & 8 platforms.

The problem which I am having is that during the initial run, the Windows firewall shows the Security Alert for blocking communication to public domains. My application does not communicate with any resource outside the PC and therefore regardless of whether we select unblock or block, the application will work.

My question is, can we avoid this security warning programmatically? If the PC does not allow firewall access, is it possible to allow it to block it silently without popping any warnings?

I'm using WiX Installer to create an MSI package which will distribute the application. Is there any way we can set firewall permissions during install time?

The basic idea is to allow the program to run with minimal user interactions.

Thanks in Advance.

Update:

It seems that the issue was in the SuperWebSocket which binds the socket to all available interfaces. Something similar to this,

```csharp
TcpListener _listener = new TcpListener(IPAddress.Any, 21000);
```

However, if I use something like this,

```csharp
TcpListener _listener = new TcpListener(IPAddress.Loopback, 21000);
```

The warning does not appear anymore. I tested this on a Windows 8 PC.

Drew Noakes
Isuru
  • what is the reason for a firewall, if you could bypass its functionality via javascript? wouldn't that lead to various scenarios for infection when we could bypass the firewall's dialogs?! –  Nov 06 '13 at 06:36
  • It's communicating locally, i.e. - socket runs on port 21000 and the JavaScript connects to 127.0.0.1:21000. The firewall only blocks access to networks right? – Isuru Nov 06 '13 at 06:40
  • The firewall is an interceptor for any communication between, if i remember correctly, tcp and any local resource. therefore ports, which rely on this transportation, are also affected. –  Nov 06 '13 at 06:42
  • "and therefore regardless whether we select unblock or block, the application will work." have you verified this? what about other firewalls, how do they behave? –  Nov 06 '13 at 06:45
  • My concern is only about the windows firewall. I created an outbound rule using Windows Firewall with Advanced Security blocking all access. I was able to access the socket without any issues. – Isuru Nov 06 '13 at 06:56
  • I've adapted your tags. So if you have created an outbound rule, why is there a dialog coming up? what does this dialog **exactly** say? anyway, there's an api which you could cope with when installing your local websocket-server... –  Nov 06 '13 at 06:58
  • @iZ88 "The firewall only blocks access to networks right?" Although here you are communicating locally... it's the port 21000 that matters. Once it is open, anyone can access it from the outside. So firewall wants you to know and prompts coz it's not guaranteed that it will always be accessed locally. Further the rules come into action... – Dinesh Nov 06 '13 at 07:03
  • Could there be a registry tweak which would add a firewall exception or block during install? I'm installing this app in the user context ( Roaming Profile ) so I have access to some elements in the registry. The idea is, if the application is not trustworthy, just block it. Don't show an error. – Isuru Nov 06 '13 at 07:07
  • @AndreasNiedermair, same content as in this image. http://www.blisshq.com/images/blog/windows-8/run-security-alert.png – Isuru Nov 06 '13 at 07:08
  • just search for "windows-firewall api" on google... like http://msdn.microsoft.com/en-us/library/windows/desktop/aa366418(v=vs.85).aspx –  Nov 06 '13 at 07:13
  • You can use the FirewallAPI to programmatically tweak as suggested in the answer http://stackoverflow.com/a/1243026/448407 and also you might want to take a look at http://blogs.msdn.com/b/securitytools/archive/2009/08/21/automating-windows-firewall-settings-with-c.aspx – Dinesh Nov 06 '13 at 07:22
  • Description edited removing references to "Professional server, networking, or related infrastructure administration". Thanks for the suggestions – Isuru Nov 06 '13 at 09:05
  • This question is perfectly valid and shouldn't have been closed. Voted to re-open. – Drew Noakes Apr 18 '17 at 20:56
  • @DrewNoakes I voted to reopen - seems your reopen request is gone – TmTron May 25 '21 at 11:01

0 Answers
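
The loopback binding from the question's update, as an added example (not code from the original post or from SuperWebSocket): it binds port 21000 to loopback only, then reads the machine's active TCP listeners to confirm nothing on that port is reachable from other hosts. The class and method names are hypothetical, and binding `::1` as well goes beyond the post, on the assumption that a browser might connect via `localhost` instead of `127.0.0.1`.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.NetworkInformation;
using System.Net.Sockets;

static class LoopbackOnlyListener   // hypothetical name
{
    const int Port = 21000;         // port used in the question

    // Endpoints listening on `port` that other hosts can reach, i.e. bound
    // to anything other than a loopback address (0.0.0.0, ::, a NIC address).
    static IPEndPoint[] ExposedListeners(int port)
    {
        return IPGlobalProperties.GetIPGlobalProperties()
            .GetActiveTcpListeners()
            .Where(ep => ep.Port == port && !IPAddress.IsLoopback(ep.Address))
            .ToArray();
    }

    static void Main()
    {
        var v4 = new TcpListener(IPAddress.Loopback, Port);
        v4.Start();

        // Assumption: also serve ::1 in case the page connects via "localhost".
        TcpListener v6 = null;
        try { v6 = new TcpListener(IPAddress.IPv6Loopback, Port); v6.Start(); }
        catch (SocketException) { v6 = null; }   // IPv6 unavailable on this host

        try
        {
            IPEndPoint[] exposed = ExposedListeners(Port);
            if (exposed.Length > 0)
            {
                Console.Error.WriteLine("Port {0} is reachable from the network via: {1}",
                    Port, string.Join(", ", exposed.Select(e => e.ToString())));
                Environment.ExitCode = 1;
                return;
            }
            Console.WriteLine("Port {0} is bound to loopback only ({1})", Port, v4.LocalEndpoint);
        }
        finally
        {
            v4.Stop();
            if (v6 != null) v6.Stop();
        }
    }
}
```

A non-zero exit code means some listener on port 21000 is bound to a non-loopback address, which is the situation Dinesh's comment describes.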