Re: How to limit source IP in PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 14/09/2012 20:08, Curtis Maurand wrote:
> On 9/14/2012 7:20 AM, Ian wrote:
>> On 12/09/2012 14:53, Tonix (Antonio Nati) wrote:
>>> Is there a way to force a PHP script to bind to a prefixed IP?
>>>
>>> Actually, while you can assign more IPs to Apache for listening,
>>> assigning domains to specific IPs, it looks like any PHP script can
>>> freely choose which IP to bind. Instead I'd love some domains are
>>> permitted to open connections only from the domain IP.
>>>
>>> In FreeBSD I do it easily, setting up dedicated jails for domains. But
>>> how to do it simply using PHP on Linux?
>>>
>>> Regards,
>>>
>>> Tonino
>> Hi,
>>
>> I think its been established now that this cannot be done by any php
>> configuration so you will have to use other methods.
>>
>>
>> You could configure iptables to only allow outgoing packets from
>> specific IPs using the 'owner' module:
>>
>> http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html
>>
>>   (search for 'owner').
>>
>>
>> There is also SELINUX.
>>
>>
>> Or you could look at container based virtualisation like OpenVZ.
>>
>>
>> Regards
>>
>> Ian
> 
> 1. |if (function_exists('stream_context_create') &&
>    function_exists('stream_socket_client')) {|
> 2. |$socket_options = array('socket' => array('bindto' => '192.0.2.1:0'));|
> 3. |$socket_context = stream_context_create($socket_options);|
> 4. |$socket = stream_socket_client('ssl://xmlapi.example.org:9090',
>    $errno,|
> 5. |$errstr, 30, STREAM_CLIENT_CONNECT, $socket_context);|
> 6. |} else {|
> 7. |$socket = @fsockopen( "ssl://xmlapi.example.org" , 9090 , $errno ,
>    $errstr , 30 );|
> 8. |}|
> 
> Google is your friend.
> 
> 
Hi Curtis,

I am suffering from sleep deprivation due to a new family addition and I
fail to see how your code will prevent a malicious user from binding to
an IP that I do not want him to.  It appears to be an example of how to
bind to an IP, not how to prevent it.

Could you please explain?

Regards

Ian
-- 





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux