Which EFT Services listen on HTTP (default 80) or HTTPS (default 443) ports?

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v7. and later

QUESTION

Which EFT Services listen on HTTP (default 80) or HTTPS (default 443) ports?

ANSWER

EFT has a number of services that if enabled, will start either the HTTP or HTTPS listener (or both), with the port number defined next to either the “HTTP” or “HTTPS” (file transport) toggle in EFT’s Site > Connections tab. (See screen shot below.)

Note that simply disabling the HTTP or HTTPS transport engine may not disable HTTP/S listeners, as there are other services that use those, as described below.

Below is the logic used by EFT to determine whether a particular insecure (not SSL/TLS protected) or secure (SSL/TLS protected) listener is used.

1. EFT starts insecure listener if:

• HTTP is ON for site

• HTTPS is ON for site

OR

• AS2 is ON for site

OR

• Web Services (SOAP) is ON for site

OR

• Account management page is ON for site.

• ASM module is registered

AND

• auto-redirect HTTP->HTTPS redirect is ON for site OR CAC authentication is ON for site

• Via both plaintext and SSL listener

• HTTP is ON for site

AND

• HTTP is ON for user (directly or via inheritance)

AND

• Auto-redirect HTTP->HTTPS redirect is OFF

• HTTPS is ON for site

AND

• HTTPS is ON for user (directly or via inheritance)

OR

• HTTP->HTTPS redirect is ON

• Via SSL listener only

AND

• For authenticated users only

Via SSL listener only

• Via both plaintext and SSL listener*

• Via both plaintext and SSL listener*

• Via both plaintext and SSL listener*

*see above conditions for when connections are processed using insecure vs. secure listener.

• Via SSL listener only (port 4450 by default, located on Server > Administrator tab)

For security best practices:

• Disable HTTP unless you absolutely require it (unlike the HTTPS listener, no other service will start it automatically if it is disabled for transport, under the Site > Connections tab)
• If HTTP is enabled, we recommend you enable the “Redirect all plaintext HTTP traffic to HTTPS”
• Preferably, only enable Account Management if you also plan on enabling HTTPS (for transfers)
• Don’t enable AS2 or MTC/Mobile access if not necessary
• Don’t enable Web Services unless you plan on invoking event rules via SOAP calls
• When using HTTPS, also enable HSTS
• Always use a strong set of ciphers (see Server > Security tab)

The section of EFT in question (not counting 12 above):