Kurt Seifried wrote: > not allow it to request things). If you want to be really anal simply > disallow any outgoing connection attempts for TCP SYN, this will prevent
i love bofh solutions and have to agree with Seifried in php you can do this by allow_url_fopen 0 allow_url_fopen "1" PHP_INI_SYSTEM PHP_INI_ALL in PHP <= 4.3.4. Available since PHP 4.0.4. this don't stop your clients from using functions like fsockopen and socket_ so people that need to fetch remote data is still able use these functions and handle a simple http get request manually this is like open_basedir that doesn't affect (naturally) exec/system/shell_exec/proc_/passthru/backtick functions anyway filter the outgoing traffic != allow_url_fopen 0 also a transparent squid on the gateway of your web servers could be a good idea to identify abuses regards, Francesco 'ascii' Ongaro, http://www.ush.it/
