Html html5 websockets 会被防火墙削弱吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1967943/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Will html5 websockets be crippled by firewalls?
提问by Travis
I'm extremely excited about html5's websockets spec but I have a concern.
我对 html5 的 websockets 规范感到非常兴奋,但我有一个担忧。
These days everyone is operating off of some network, with routers (wired/wireless) that have built in firewalls, windows has a built in firewall too.
如今,每个人都在某些网络之外运行,路由器(有线/无线)内置防火墙,Windows 也内置防火墙。
With that in mind when the server attempts to connect back to the browser that started the websocket handshake will it fail for the vast majority of users? (most people have no idea how to set up port forwarding on their routers)
考虑到这一点,当服务器尝试连接回启动 websocket 握手的浏览器时,绝大多数用户会失败吗?(大多数人不知道如何在他们的路由器上设置端口转发)
Or is my thinking incorrect and it will go through fine?
还是我的想法不正确,它会顺利通过?
采纳答案by Mark Renouf
I'm not an expert (so please check to confirm) but I believe there will be an UPGRADE mechanism where a regular HTTP connection can be made, then upgraded to a WebSocket, so no existing firewall rules interfere unless they are doing aggressive application level packet inspection. Connections are still initiated by the browser.
我不是专家(所以请检查以确认)但我相信会有一个 UPGRADE 机制,可以建立一个常规的 HTTP 连接,然后升级到一个 WebSocket,所以没有现有的防火墙规则干扰,除非他们正在做积极的应用程序级别数据包检查。连接仍由浏览器发起。
回答by Marcelo Cantos
HTML 5 WebSockets don't require port forwarding. Connections continue to be established from the client, but the client and server asymmetry disappears once the connection is established. WebSockets also punch through proxies by using the same CONNECT mechanism that HTTPS uses today.
HTML 5 WebSockets 不需要端口转发。继续从客户端建立连接,但是一旦建立连接,客户端和服务器的不对称性就会消失。WebSockets 还通过使用今天 HTTPS 使用的相同 CONNECT 机制来穿透代理。
回答by Peter Lubbers
Since firewalls typically simply enforce the rules for inbound traffic rejection and outbound traffic routing (usually through the proxy server), there usually are no specific WebSocket traffic-related firewall concerns.
由于防火墙通常只是强制执行入站流量拒绝和出站流量路由规则(通常通过代理服务器),因此通常没有与 WebSocket 流量相关的特定防火墙问题。
Proxy servers (and to some extent, certain load balancing routers as well) are a different matter though (See Why don't current websocket client implementations support proxies?)
代理服务器(在某种程度上,某些负载平衡路由器也是如此)是另一回事(请参阅为什么当前的 websocket 客户端实现不支持代理?)
