Skip to content

Troubleshooting › WebUI

This page outlines common errors or issues the end-user may come across in regards to the CSF web user interface.


Browser: This Address Is Restricted

By default, CSF assigns its web interface to port 6666.

It is important to note that both Firefox and Chromium based browsers have blocked access to a number of ports internally, including port 6666. This is done for security reasons, in order to prevent potential attacks and unsafe connections. Attempting to access the CSF web interface in your browser on the default port will result in the following errors:

Browser Error
Firefox This address is restricted.
This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection.
Chromium This site can’t be reached
ERR_UNSAFE_PORT



Firefox

The following is a list of ports that have been blocked by Firefox. The entire source can be found here.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
int16_t gBadPortList[] = {
    1,      // tcpmux
    7,      // echo
    9,      // discard
    11,     // systat
    13,     // daytime
    15,     // netstat
    17,     // qotd
    19,     // chargen
    20,     // ftp-data
    21,     // ftp
    22,     // ssh
    23,     // telnet
    25,     // smtp
    37,     // time
    42,     // name
    43,     // nicname
    53,     // domain
    69,     // tftp
    77,     // priv-rjs
    79,     // finger
    87,     // ttylink
    95,     // supdup
    101,    // hostriame
    102,    // iso-tsap
    103,    // gppitnp
    104,    // acr-nema
    109,    // pop2
    110,    // pop3
    111,    // sunrpc
    113,    // auth
    115,    // sftp
    117,    // uucp-path
    119,    // nntp
    123,    // ntp
    135,    // loc-srv / epmap
    137,    // netbios
    139,    // netbios
    143,    // imap2
    161,    // snmp
    179,    // bgp
    389,    // ldap
    427,    // afp (alternate)
    465,    // smtp (alternate)
    512,    // print / exec
    513,    // login
    514,    // shell
    515,    // printer
    526,    // tempo
    530,    // courier
    531,    // chat
    532,    // netnews
    540,    // uucp
    548,    // afp
    554,    // rtsp
    556,    // remotefs
    563,    // nntp+ssl
    587,    // smtp (outgoing)
    601,    // syslog-conn
    636,    // ldap+ssl
    989,    // ftps-data
    990,    // ftps
    993,    // imap+ssl
    995,    // pop3+ssl
    1719,   // h323gatestat
    1720,   // h323hostcall
    1723,   // pptp
    2049,   // nfs
    3659,   // apple-sasl
    4045,   // lockd
    4190,   // sieve
    5060,   // sip
    5061,   // sips
    6000,   // x11
    6566,   // sane-port
    6665,   // irc (alternate)
    6666,   // irc (alternate)
    6667,   // irc (default)
    6668,   // irc (alternate)
    6669,   // irc (alternate)
    6679,   // osaut
    6697,   // irc+tls
    10080,  // amanda
    0,      // Sentinel value: This MUST be zero
};


Chromium

The following is a list of ports that have been blocked by Chromium. The entire source can be found here.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
// The general list of blocked ports. Will be blocked unless a specific
// protocol overrides it. (Ex: ftp can use port 21)
// When adding a port to the list, consider also adding it to kAllowablePorts,
// below. See <https://fetch.spec.whatwg.org/#port-blocking>.
const int kRestrictedPorts[] = {
    0,      // Not in Fetch Spec.
    1,      // tcpmux
    7,      // echo
    9,      // discard
    11,     // systat
    13,     // daytime
    15,     // netstat
    17,     // qotd
    19,     // chargen
    20,     // ftp data
    21,     // ftp access
    22,     // ssh
    23,     // telnet
    25,     // smtp
    37,     // time
    42,     // name
    43,     // nicname
    53,     // domain
    69,     // tftp
    77,     // priv-rjs
    79,     // finger
    87,     // ttylink
    95,     // supdup
    101,    // hostriame
    102,    // iso-tsap
    103,    // gppitnp
    104,    // acr-nema
    109,    // pop2
    110,    // pop3
    111,    // sunrpc
    113,    // auth
    115,    // sftp
    117,    // uucp-path
    119,    // nntp
    123,    // NTP
    135,    // loc-srv /epmap
    137,    // netbios
    139,    // netbios
    143,    // imap2
    161,    // snmp
    179,    // BGP
    389,    // ldap
    427,    // SLP (Also used by Apple Filing Protocol)
    465,    // smtp+ssl
    512,    // print / exec
    513,    // login
    514,    // shell
    515,    // printer
    526,    // tempo
    530,    // courier
    531,    // chat
    532,    // netnews
    540,    // uucp
    548,    // AFP (Apple Filing Protocol)
    554,    // rtsp
    556,    // remotefs
    563,    // nntp+ssl
    587,    // smtp (rfc6409)
    601,    // syslog-conn (rfc3195)
    636,    // ldap+ssl
    989,    // ftps-data
    990,    // ftps
    993,    // ldap+ssl
    995,    // pop3+ssl
    1719,   // h323gatestat
    1720,   // h323hostcall
    1723,   // pptp
    2049,   // nfs
    3659,   // apple-sasl / PasswordServer
    4045,   // lockd
    5060,   // sip
    5061,   // sips
    6000,   // X11
    6566,   // sane-port
    6665,   // Alternate IRC [Apple addition]
    6666,   // Alternate IRC [Apple addition]
    6667,   // Standard IRC [Apple addition]
    6668,   // Alternate IRC [Apple addition]
    6669,   // Alternate IRC [Apple addition]
    6697,   // IRC + TLS
    10080,  // Amanda
};


Solution

If you wish to keep CSF's web interface on the default port 6666; you have a few options below to circumvent this block:

  1. Change CSF Web Port
  2. Whitelist port in Firefox
  3. Whitelist port in Chromium


Change CSF Web Port

If you decide to go with the route of changing the port assigned to the CSF web interface, you must open the CSF config file /etc/csf/csf.conf and modify the setting UI_PORT:

/etc/csf/csf.conf
UI_PORT = "6666"
/etc/csf/csf.conf
UI_PORT = "8750"


Once you have changed the port, be sure to give CSF's lfd and csf services a restart:

sudo csf -ra



Whitelist Port In Firefox

The second option requires that you open your Firefox browser and add the default port 6666 to the browser's whitelist.

  1. Open Firefox
  2. In the address bar, type about:config.
  3. In the top bar labeled Search perference name, type network.security.ports.banned.override. You should see the setting appear, with options to the right, and a :aetherx-axs-plus: button.
  4. Select the option String, and click the :aetherx-axs-plus: button.
    • Boolean
    • Number
    • String
  5. When the textbox changes, add your custom port 6666 and click the button.
    • You can add multiple ports to the list as long as they are comma delimited: 6666,6667,...
Firefox › Whitelist Port
Firefox › Whitelist Port



Whitelist Port In Chromium

Allowing restricted ports in Google Chrome requires you to take the original Chrome icon, create a shortcut, and modify the target parameter to include the port you wish to whitelist.

  1. Right-click on the Chrome desktop icon / shortcut, and select Properties from the context menu.
  2. In the Google Chrome Properties box, go to the Shortcut tab.
  3. Add the following line at the end of the Target box: 
    --explicitly-allowed-ports=6666
    • To whitelist multiple ports; use a comma delimiter 
      --explicitly-allowed-ports=6666,6667
    • Your target should be something along the lines of: 
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=6666
  4. Click on Apply and then click on OK.
Chrome › Whitelist Port
Chrome › Whitelist Port