php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79767 Firewall rules on php.net appear to be blocking source port 1024
Submitted: 2020-07-01 19:01 UTC Modified: 2020-08-10 16:28 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:4 (100.0%)
From: chkimes at github dot com Assigned:
Status: Closed Package: Systems problem
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
 [2020-07-01 19:01 UTC] chkimes at github dot com
Description:
------------
1024 is not a reserved port, but many misconfigured firewall rules tend to include it and block outbound connections that use it as a source port. This is causing connection failures from Azure VMs, where the outbound load balancer often starts assigning ports from 1024 upward.

Test script:
---------------
From any fresh Azure VM *without a public IP assigned*:

curl https://www.php.net

Did your web server firewall rules recently change?


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-07-01 21:14 UTC] cmb@php.net
-Package: Website problem +Package: Systems problem
 [2020-08-05 16:39 UTC] chkimes at github dot com
Is there any update for this? I have a small repro with this Action: https://github.com/chkimes/test-php/runs/950202873?check_suite_focus=true

The first request uses source port 1024 and fails. The second request uses source port 1025 and succeeds. This has previously been indicative of incorrectly set up firewall rules on the target.
 [2020-08-10 16:28 UTC] chkimes at github dot com
-Status: Open +Status: Closed
 [2020-08-10 16:28 UTC] chkimes at github dot com
Firewall rules are now fixed
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Apr 13 21:01:23 2021 UTC