docker port 10080 映射不了

2021-12-02 13:00:40 +08:00
 selfcreditgiving

今天测试 docker-compose.yml 文件。发现一个很奇怪的问题,把 express 容器的端口映射到 10080

docker-compose up -d 都正常没有报错,但是使用 10080 端口就是访问不了。

docker exec 进入 容器里面 用 curl 直接访问容器内的端口也是正常的。

一直想是不是程序哪里弄错了,后面找不出 bug 没办法一通乱试,最后换一个端口 49160 竟然就可以了。

google 一下 port 10080 关键字 才发现是 chrome 把 10080 端口给封了。

还有很多其他端口也是。(见下面链接)

https://www.bleepingcomputer.com/news/security/google-chrome-blocks-port-10080-to-stop-nat-slipstreaming-attacks/

Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks By Lawrence Abrams April 8, 2021 04:50 PM 0 Google Chrome

Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks.

Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors' NAT firewall and gain access to any TCP/UDP port on the visitor's internal network.

Using these vulnerabilities, threat actors can perform a wide range of attacks, including modifying router configurations and gaining access to private network services.

Illustration of the NAT Slipstreaming 2.0 attack Demonstration of a NAT Slipstreaming 2.0 attack As this vulnerability only works on specific ports monitored by a router's Application Level Gateway (ALG), browser developers have been blocking vulnerable ports that do not receive a lot of traffic.

Currently, Google Chrome is blocking FTP, HTTP, and HTTPS access on ports 69, 137, 161, 554, 1719, 1720, 1723, >5060, 5061, and 6566.

Today, Google has stated that they intend to block TCP port 10080 in Chrome, which Firefox has already blocked since November 2020.

我想,浏览器要屏蔽端口,是不是应该有个什么提示会友好点呢?

仔细看 chrome 的错误页面,还真有个提示:ERR_UNSAFE_PORT 这个提示也太不明显了。。。

1652 次点击
所在节点    Docker
4 条回复
ijrou
2021-12-02 13:33:00 +08:00
我觉得很清晰了,毕竟这是给开发者看的,unsafe_port
CEBBCAT
2021-12-02 14:11:56 +08:00
这贴发得有点水
cinhoo
2021-12-02 14:14:23 +08:00
This address is restricted

This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.

Firefox 的提示
selfcreditgiving
2021-12-02 15:52:07 +08:00
@CEBBCAT @ijrou

80 端口映射成 10080 用于测试,这个概率很大吧。

如果 chrome 的提示这么不明显,不是耽误我时间嘛。而且提示的中文部分也不对, “网页暂时无法连接” 和 端口是被他自己故意屏蔽了这个事情都对不上。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/819514

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX