HTTPSocket and Windows firewall / antivirus software

Here is a problem that has bamboozled me for years, and I bet there is a simple solution.

I use HTTP socket to register my software. The user sends the registration data to the server. The server checks it with the db and reports if the user data is valid or not.

On Mac this is never a problem, it always works.

On Windows, most users have to disable their antivirus software and turn off their firewall in order for the server response to get through.

Is there any way around requiring Windows users to do that? It’s really annoying that every time a Windows user installs my software they have to go through this, and most of them don’t read the directions so they don’t turn the stuff off and I have to deal with it over email.

It’s been long enough I’ve dealt with this nonsense I’m finally asking the experts here : )

Thanks for your help.

Do you specify a specific port to connect to?
Or a URL that includes a port?
And it's not port 80? Or 443 for HTTPS?
That might trigger the default firewall configuration to block the connection for security reasons.
AV software has been known to do this as well.

Windows Firewall is, as far as I recall, set up to disallow incoming connections by default to apps that are not already on its whitelist.
And the list varies from version to version.
Outgoing connections are a different matter and require delving into the Advanced settings for Windows Firewall and … that's beyond what I know about Windows Firewall.

Never had a problem using a standard port with HTTPSocket/HTTPSecureSocket.

[quote=165907:@Norman Palardy]Do you specify a specific port to connect to?
Or a URL that includes a port?
And it's not port 80? Or 443 for HTTPS?[/quote]

I’ve only been specifying a URL. It’s in cgi-bin (a Perl script) - only because I implemented this many moons ago. Now I would do it with PHP …

I’m not using the SecureSocket. So it makes no difference for you if you use secure or not secure?

I should clarify, I’m not using the SecureSocket, only because I implemented this mechanism before SecureSocket was available to me according to my RB license at the time. Now it’s available to me according to the changes made in the Xojo license, I suppose I should change my code to use the secure socket, but I haven’t done that. I could also use the MBS CURL class instead. Would that solve the problem?

[quote=165907:@Norman Palardy]Or a URL that includes a port?
And it's not port 80? Or 443 for HTTPS?[/quote]

Would including the port explicitly in the URL make a difference?

Thanks.

I don't think so, since a URL without it should go to port 80 by default.

I’d set up a stock clean Windows VM and try going to the URL your software uses in IE, Safari, Chrome, etc. and see if that also requires disabling the firewall.

Right. I’ve used all of the following

  • HTTPSocket
  • HTTPSecureSocket, secure = false
  • HTTPSecureSocket, secure = true

I don’t recall ever having the firewall or antivirus barf. Now a TCPSocket on the other hand, mucho problems.

Whitelisting is not required for outgoing connections. Are you using HTTPSocket.Post?

Well, I need some of that magic! :)

Yes.

Something like that - but if a web browser can get to your URL without requiring the firewall changes and your software can't, then there’s something else going on.

Exactly. The firewall shouldn’t be able to distinguish your app from a browser. Are you sure you don’t have any TCP connections?

Break out your socket into a small test app. Can you make the connection in a fresh app?

Yes. I set form data, do a post, and look at the result.

result = q.Post("myURL/register.pl", 5)

Maybe it’s the timeout? What value do you use as timeout?

I typically use 30 for the timeout, but I doubt that would make a difference.

I suppose it could though. My apps wait for the response, but it might not be receiving a response. If it’s a “rejection” when it should be a “pass”, maybe the response was sent after the timeout. Could it be that Windows firewall causes a longer delay in server response times? That seems dubious. Users expect speed. There must be something else going on.

Yes, a good idea. Also I’ll increase the timeout.

Okay, some shedding to do here : )

Thanks for the help!

Are you getting a popup from the firewall/antivirus? Or are you getting a false negative and you just happened to discover that disabling the firewall/antivirus made it work? A longer timeout just might do the trick.

The latter.

Yes, I agree, based on what you’ve told me the longer timeout should solve it. Wow, that would be really great … and boy do I feel silly for not fixing this sooner : )

Just to follow up …

I’ve determined that sometimes the timeout caused a problem. I’ve increased it to 30 seconds (from formerly 5 seconds) and this has helped stop some errors.

Unfortunately, not all. I still have to tell Windows users to turn off their anti-virus / firewall in order to register. Here’s how I know it’s a problem on their end.

I used to get only one notice when a registration attempt was made, which told me whether it succeeded or failed. That is tough to debug, but I always just told them to turn off the anti-virus and / or firewall and try again, and that always worked though they sometimes had to try it multiple times.

Now I’ve changed the registration process to notify me twice: once when the registration attempt is made, and once when the license succeeds or fails to be installed on the machine. Now when there is a problem, I know where along the line it happens. It’s all done over a single connection and if it breaks, the process is aborted. The signal chain is:

  1. User sends name and license to the server
  2. server looks up the info, sends pass or fail notice back to the user. * I get a first notice either way *
  3. on pass, user’s machine attempts license install and sends pass or fail notice back to the server
  4. on pass, server updates the user’s records, on fail, does nothing. * I get a second notice either way *

Today a Windows user tried to register. The notices I got were:

1: attempt made, license checks out, “pass” message sent back to the computer.
2: computer replied with “fail”, software did not get authorized.

The users who have the most trouble seem to be in Asia, mostly in Russia. I thought maybe the problem might have to do with character encodings, but I find no evidence of that from the notices I receive, and I can’t see how it would prohibit a file from being saved on the user’s machine.

Any ideas?

P.S. whenever I try authorizing my software from my own Windows 7 laptop, it works just fine, and I can’t find a way to reproduce the problems.

To be clear, when the problem occurs, messages get sent to my server, but the messages my server sends back to the machine appear to get rejected. Is that some kind of default Windows firewall setting?
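
An added example, not code from the thread: a client-side routine that replaces the bare "fail" in step 3 of the signal chain with a reason code, so the second notice shows whether the reply timed out, arrived altered, or the license file could not be written. It is written in Python rather than Xojo; the `PASS`/`FAIL` reply format, the `send` callable and all function names are assumptions.

```python
import socket
import urllib.error

def classify_transport_error(exc):
    """Reason code for an exception raised while waiting for the step-2 reply."""
    if isinstance(exc, urllib.error.HTTPError):
        return "http_%d" % exc.code
    cause = getattr(exc, "reason", exc)  # URLError wraps the underlying error
    if isinstance(cause, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(cause, ConnectionRefusedError):
        return "connect_refused"
    if isinstance(cause, ConnectionResetError):
        return "reset_mid_transfer"
    if isinstance(cause, socket.gaierror):
        return "dns_failed"
    return "transport_" + type(cause).__name__

def check_reply(body):
    """Assumed wire format: the server answers with exactly PASS or FAIL."""
    text = body.decode("utf-8", errors="replace").strip()
    if text == "":
        return "empty_body"
    if text in ("PASS", "FAIL"):
        return "server_" + text.lower()
    return "unexpected_body"  # something other than the server's answer arrived

def install_license(path, data):
    """Write the license, then read it back to confirm it is really on disk."""
    try:
        with open(path, "wb") as fh:
            fh.write(data)
        with open(path, "rb") as fh:
            return "installed" if fh.read() == data else "verify_mismatch"
    except PermissionError:
        return "write_denied"
    except OSError as exc:
        return "write_failed_" + type(exc).__name__

def register(send, license_path, license_blob):
    """send() does the step-1 POST and returns the raw reply bytes (assumed).
    The returned string is what the client reports back in step 3."""
    try:
        body = send()
    except Exception as exc:
        return "fail:" + classify_transport_error(exc)
    verdict = check_reply(body)
    if verdict != "server_pass":
        return "fail:" + verdict
    result = install_license(license_path, license_blob)
    return "pass" if result == "installed" else "fail:" + result
```

Because the step-3 report travels client to server, it gets through even when the problem lies in the reply path.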