On 9/14/2012 7:20 AM, Ian wrote:
On 12/09/2012 14:53, Tonix (Antonio Nati) wrote:
Is there a way to force a PHP script to bind to a prefixed IP?
Actually, while you can assign more IPs to Apache for listening,
assigning domains to specific IPs, it looks like any PHP script can
freely choose which IP to bind. Instead I'd love some domains are
permitted to open connections only from the domain IP.
In FreeBSD I do it easily, setting up dedicated jails for domains. But
how to do it simply using PHP on Linux?
Regards,
Tonino
Hi,
I think its been established now that this cannot be done by any php
configuration so you will have to use other methods.
You could configure iptables to only allow outgoing packets from
specific IPs using the 'owner' module:
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html
(search for 'owner').
There is also SELINUX.
Or you could look at container based virtualisation like OpenVZ.
Regards
Ian
1. |if (function_exists('stream_context_create') &&
function_exists('stream_socket_client')) {|
2. |$socket_options = array('socket' => array('bindto' => '192.0.2.1:0'));|
3. |$socket_context = stream_context_create($socket_options);|
4. |$socket = stream_socket_client('ssl://xmlapi.example.org:9090',
$errno,|
5. |$errstr, 30, STREAM_CLIENT_CONNECT, $socket_context);|
6. |} else {|
7. |$socket = @fsockopen( "ssl://xmlapi.example.org" , 9090 , $errno ,
$errstr , 30 );|
8. |}|
Google is your friend.
