StandAlone app being blocked by web security

For those that are hosting Stand Alone application on Linux, it’s likely you are running this on a VPS LAMP like I am, and therefore the standard HTTPS port 443 is already in use by Apache, so you got to choose something else, like 8080, 8088 etc

All of my customers are research institutions. Universities are ok, but hospitals and govt have serious internet security internally, because they hold patient data. The result is their web access security/proxy is often blocking access to our StandAlone web app. Usually after a bit of a battle by the clients with their IT dept, our URL gets white listed I guess, but so far have not got any feedback “why”.

Has anyone experienced something like this?

I suspect its moreso the actual content that automated security appliances are blocking, because they see it as different, rather than our choice of non standard http/s ports. I have tried many variations except for 80/443, none seem to make a difference but have settled on 8443 (for https) so that it at least looks like we are trying for the IT admins that need to allow access to our app.

Most financial institutions (I used to work in that space), on all firewalls block all ports from any location to any location, then open up ports/paths on a needed basis. Now ports like 443 (HTTPS) they will open up easily by the NOC as it is a common well defined port. You having to “discuss” with the corp IT folks about opening up the ports is not a shocker.

You can replace financial institution with medical institution and the rules are basically the same.

sb

Do you need Apache to be running? If not turn it off. Otherwise try ProxyPass to have Apache proxy to your application.

Thanks Scott.

Bob, apache is kind of important, my website wont work if I turn it off :slight_smile: nor would cpanel.

Do you mean this https://www.linode.com/docs/websites/proxies/multiple-web-servers-with-proxypass-on-centos-5
Thats new to me, but probably doable by the looks of it, I’ll ask my host - I used a fully managed VPS.

Basically yes. You have Apache proxy requests to your standalone web app. That way people will access it using port 443 but behind the scenes it has the other port.

Below are a couple of older threads on the subject:

https://forum.xojo.com/3132-help-with-apache-proxy-and-virtual-hosts

https://forum.xojo.com/2832-solved-proxypass-w-apache-2-4-4

Seems simple enough… All I should need to do is add a few lines to the existing virtualhost configuration files.

My VPS is running Centos - Cpanel provided by FutureHosting.com. The configuration is not the same, as Cpanel throws some variations in there it seems the support team is working with me on it. The best result we get so far is a 404 error (which is better than breaking apache altogether)