On 1/24/07, Travers Buda <[EMAIL PROTECTED]> wrote:
Last time I checked though, clients only talk with the web server on
port 80. So, the only reason you would want to keep state would be if
you have a ruleset like block out all (which is generally only useful
if you don't trust the users of said machine.) So, just unconditionally
pass port 80 traffic in both directions.
Now I don't think that HTTP uses multiple ports on the server side to
send data to clients. A quick tcpdump on my end seems to confirm this.
[snip]
See? Google is only talking to me on port 80. And it does not look like
rfc2616 mentions any other ports besides 80.
Of course, like any other properly designed network app it uses the
existing socket for full duplex communication. You send a request to
port 80 so the response comes from port 80.
FTP and others that don't play like that are in the minority.
DS
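
Added example, not part of the original thread: a small Python model of the two approaches discussed above, a stateless pair of port-80 rules next to a rule that keeps state. The packet tuple, addresses and simplified state table are constructed for illustration and do not reproduce pf's actual state tracking.

```python
from collections import namedtuple

# Constructed packet model; all addresses and ports are sample values.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_pass(pkt):
    """Stateless pair: pass out to port 80, pass in from port 80."""
    if pkt.direction == "out":
        return pkt.dport == 80
    return pkt.sport == 80

class StatefulFilter:
    """Pass outbound SYNs to port 80 and keep state for the connection."""

    def __init__(self):
        self.states = set()  # (client, cport, server, sport) tuples

    def check(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" and pkt.dport == 80:
                self.states.add(key)  # new connection creates state
            return key in self.states
        # Inbound traffic passes only as the reverse of a known connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states

SAMPLE = [  # constructed traffic as seen on the client's firewall
    ("request", Packet("out", "192.0.2.10", 51000, "198.51.100.5", 80, "S")),
    ("reply", Packet("in", "198.51.100.5", 80, "192.0.2.10", 51000, "SA")),
    ("unsolicited", Packet("in", "203.0.113.9", 80, "192.0.2.10", 6000, "S")),
]

def compare(packets=SAMPLE):
    """Return {label: (stateless_verdict, stateful_verdict)}."""
    fw = StatefulFilter()
    return {label: (stateless_pass(p), fw.check(p)) for label, p in packets}

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:12} stateless={verdicts[0]} stateful={verdicts[1]}")
```

Both rule sets pass the request and its reply; only the stateless pair also passes the third packet, which belongs to no connection the client opened.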