php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #79767 Firewall rules on php.net appear to be blocking source port 1024
Submitted: 2020-07-01 19:01 UTC Modified: 2020-08-10 16:28 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:4 (100.0%)
From: chkimes at github dot com Assigned:
Status: Closed Package: Systems problem
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2020-07-01 19:01 UTC] chkimes at github dot com 
Description:
------------
1024 is not a reserved port, but many misconfigured firewall rules tend to include it and block outbound connections that use it as a source port. This is causing connection failures from Azure VMs, where the outbound load balancer often starts assigning ports from 1024 upward.

Test script:
---------------
From any fresh Azure VM *without a public IP assigned*:

curl https://www.php.net

Did your web server firewall rules recently change?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-01 21:14 UTC] cmb@php.net
-Package: Website problem +Package: Systems problem
 [2020-08-05 16:39 UTC] chkimes at github dot com 
Is there any update for this? I have a small repro with this Action: https://github.com/chkimes/test-php/runs/950202873?check_suite_focus=true

The first request uses source port 1024 and fails. The second request uses source port 1025 and succeeds. This has previously been indicative of incorrectly set up firewall rules on the target.
 [2020-08-10 16:28 UTC] chkimes at github dot com
-Status: Open +Status: Closed
 [2020-08-10 16:28 UTC] chkimes at github dot com 
Firewall rules are now fixed
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Sun Oct 01 13:01:24 2023 UTC