php-general Digest 15 Sep 2012 01:40:37 -0000 Issue 7964
Topics (messages 319082 through 319091):
Re: How to limit source IP in PHP
319082 by: Ian
319085 by: Curtis Maurand
319087 by: Jim Lucas
319088 by: Jim Lucas
319089 by: Tonix (Antonio Nati)
319090 by: Stuart Dallas
How to track for Allowed memory size ?
319083 by: Ivan Dimitrov
Re: Programmers and developers needed
319084 by: Robert Cummings
319086 by: Tim Dunphy
Re: PHP Threading on Windows
319091 by: Joe Watkins
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
On 12/09/2012 14:53, Tonix (Antonio Nati) wrote:
>
> Is there a way to force a PHP script to bind to a prefixed IP?
>
> Actually, while you can assign more IPs to Apache for listening,
> assigning domains to specific IPs, it looks like any PHP script can
> freely choose which IP to bind. Instead I'd love some domains are
> permitted to open connections only from the domain IP.
>
> In FreeBSD I do it easily, setting up dedicated jails for domains. But
> how to do it simply using PHP on Linux?
>
> Regards,
>
> Tonino
Hi,
I think its been established now that this cannot be done by any php
configuration so you will have to use other methods.
You could configure iptables to only allow outgoing packets from
specific IPs using the 'owner' module:
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html
(search for 'owner').
There is also SELINUX.
Or you could look at container based virtualisation like OpenVZ.
Regards
Ian
--
--- End Message ---
--- Begin Message ---
On 9/14/2012 7:20 AM, Ian wrote:
On 12/09/2012 14:53, Tonix (Antonio Nati) wrote:
Is there a way to force a PHP script to bind to a prefixed IP?
Actually, while you can assign more IPs to Apache for listening,
assigning domains to specific IPs, it looks like any PHP script can
freely choose which IP to bind. Instead I'd love some domains are
permitted to open connections only from the domain IP.
In FreeBSD I do it easily, setting up dedicated jails for domains. But
how to do it simply using PHP on Linux?
Regards,
Tonino
Hi,
I think its been established now that this cannot be done by any php
configuration so you will have to use other methods.
You could configure iptables to only allow outgoing packets from
specific IPs using the 'owner' module:
http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html
(search for 'owner').
There is also SELINUX.
Or you could look at container based virtualisation like OpenVZ.
Regards
Ian
1. |if (function_exists('stream_context_create') &&
function_exists('stream_socket_client')) {|
2. |$socket_options = array('socket' => array('bindto' => '192.0.2.1:0'));|
3. |$socket_context = stream_context_create($socket_options);|
4. |$socket = stream_socket_client('ssl://xmlapi.example.org:9090',
$errno,|
5. |$errstr, 30, STREAM_CLIENT_CONNECT, $socket_context);|
6. |} else {|
7. |$socket = @fsockopen( "ssl://xmlapi.example.org" , 9090 , $errno ,
$errstr , 30 );|
8. |}|
Google is your friend.
--- End Message ---
--- Begin Message ---
On 09/12/2012 08:21 AM, Daniel Brown wrote:
On Wed, Sep 12, 2012 at 10:18 AM, Tonix (Antonio Nati)
<to...@interazioni.it> wrote:
Is PHP able to 'force' binding IP? I hoped there was an external directive I
did not see, but probably this is a PHP lack.
Not at all. Essentially, PHP is an interface to underlying
software, OS commands, and APIs. You'd have to configure the system
to bind requests, as PHP does not presently have that capability (and,
to my knowledge, there's no plan to change that).
Daniel,
Correct me if I wrong, but you could use the stream_* functions within a
process running as a daemon that can listen on a given IP:port . I do
this on my php scripts right now.
It accepts, processes, and responds to the client connections without
the need of any other applications. And, it responds to the client from
the IP & PORT that the client made the connection to.
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--- End Message ---
--- Begin Message ---
On 09/13/2012 04:15 PM, Tonix (Antonio Nati) wrote:
Jim, sorry but you did not read carefully my posts.
Since the fist post, I ALWAYS spoke about connections a PHP script may
open autonomously (what you name second connection).
I'm never speaking about listening/intercepting/using the original HTTP
request.
Then why did you bring up apache? That seems to be the source of
confusion...
It is well clear for anyone with a minimum knowledge of programming in
apache that only apache listens and answers from the binded port of httpd.
And, of course, any program/script/binary called from apache, will
return his data to apache, and apache only will send them back to the
original requester.
That is why your mentioning Apache confused me (and probably others).
At the same time it is well clear too that each called
program/script/binary may live autonomously before returning data to
apache, and do whatever action it requires to do, including the opening
of a network socket to an external or internal server.
Your still talking about Apache...
And this is true for any language, from perl to C to PHP.
Only first two replies understood the initial request, all other just
added confusion to the thread.
Regards,
Tonino
Which is it that you are talking about? PHP running through Apache or a
dedicated PHP script running on its own as a daemon?
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--- End Message ---
--- Begin Message ---
Il 14/09/2012 21:19, Jim Lucas ha scritto:
On 09/13/2012 04:15 PM, Tonix (Antonio Nati) wrote:
Jim, sorry but you did not read carefully my posts.
Since the fist post, I ALWAYS spoke about connections a PHP script may
open autonomously (what you name second connection).
I'm never speaking about listening/intercepting/using the original HTTP
request.
Then why did you bring up apache? That seems to be the source of
confusion...
There is no confusion at all.
When a script is executing under apache, it can do whatever it wants
(within its permissions of course), opening other sockets and making any
kind of processing and IO. It does not interphere with apache
connections, it just uses new connections.
So, my request is clear: how to force a PHP script to bind only to
permitted IP (i.e. using directive similar to OPEN_BASEDIR).
The answer is clear. Actually PHP cannot force a PHP script to bind only
to specific IPs.
So I've filed a request in PHP bug's repository for examining this
possibility.
In a multi IP apache configuration, I feel right each PHP script should
only (eventually) bind to the IP where the connection is received, or to
a permitted IP.
Hope this helps.
Tonino
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
--- End Message ---
--- Begin Message ---
Sorry for the top post but I don't have my laptop with me and, well frankly
I'm too tired to be arsed!
I think the confusion is coming from the word bind. I don't think man
people at aware of he difference between binding a socket and having it
listen on the port to which it's bound.
People... when you make an outgoing connect ion (using the curl functions,
the socket functions, or whatever), the socket is bound to an IP and
arbitrary port on the network interface over which the connection is being
made. Antonio is wanting to specify which IP address on the interface is
used (this is the IP address from which the other end will see the
connection coming).
This is not hard to understand but it's not well known that the bonding
process happens to both ends of a socket connection, and from what I've
seen nobody has bothered to explain that.
Apache, nginx, whatever the web server is has nothing to do with the
question. I hope that helps clear it up for those who are confused.
-Stuart
--
Sent from my leaf blower
On 14 Sep 2012 21:01, "Tonix (Antonio Nati)" <to...@interazioni.it> wrote:
> Il 14/09/2012 21:19, Jim Lucas ha scritto:
>
>> On 09/13/2012 04:15 PM, Tonix (Antonio Nati) wrote:
>>
>>>
>>> Jim, sorry but you did not read carefully my posts.
>>>
>>> Since the fist post, I ALWAYS spoke about connections a PHP script may
>>> open autonomously (what you name second connection).
>>>
>>> I'm never speaking about listening/intercepting/using the original HTTP
>>> request.
>>>
>>
>> Then why did you bring up apache? That seems to be the source of
>> confusion...
>>
>>
> There is no confusion at all.
>
> When a script is executing under apache, it can do whatever it wants
> (within its permissions of course), opening other sockets and making any
> kind of processing and IO. It does not interphere with apache connections,
> it just uses new connections.
>
> So, my request is clear: how to force a PHP script to bind only to
> permitted IP (i.e. using directive similar to OPEN_BASEDIR).
>
> The answer is clear. Actually PHP cannot force a PHP script to bind only
> to specific IPs.
>
> So I've filed a request in PHP bug's repository for examining this
> possibility.
>
> In a multi IP apache configuration, I feel right each PHP script should
> only (eventually) bind to the IP where the connection is received, or to a
> permitted IP.
>
> Hope this helps.
>
> Tonino
>
>
>
> --
> ------------------------------**------------------------------
> Inter@zioni Interazioni di Antonio Nati
> http://www.interazioni.it to...@interazioni.it
> ------------------------------**------------------------------
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Hello,
is there a way how to track for allowed memory size on ? I receive this
error in one class that process sql querys. I want to check somehow when
query is processed do php return this error and if this is happened to
log sql query in file to can I optimize it latter.
I.D.
--- End Message ---
--- Begin Message ---
On 12-09-13 06:10 PM, Ashley Sheridan wrote:
On Thu, 2012-09-13 at 16:48 -0400, Tedd Sperling wrote:
On Sep 13, 2012, at 3:45 AM, agbo onyador <onya...@gmail.com> wrote:
Hello there! We are looking for programmers and developers to create a
world wide system. Your comments are welcome.
Wow!
I'm looking for world wide money.
tedd
Join the queue...
There's a queue? Bah humbug... I've been waiting for delivery all this time.
Cheers,
Rob.
--
E-Mail Disclaimer: Information contained in this message and any
attached documents is considered confidential and legally protected.
This message is intended solely for the addressee(s). Disclosure,
copying, and distribution are prohibited unless authorized.
--- End Message ---
--- Begin Message ---
On Fri, Sep 14, 2012 at 3:00 PM, Robert Cummings <rob...@interjinn.com>wrote:
> On 12-09-13 06:10 PM, Ashley Sheridan wrote:
>
>> On Thu, 2012-09-13 at 16:48 -0400, Tedd Sperling wrote:
>>
>> On Sep 13, 2012, at 3:45 AM, agbo onyador <onya...@gmail.com> wrote:
>>>
>>> Hello there! We are looking for programmers and developers to create a
>>>> world wide system. Your comments are welcome.
>>>>
>>>
>>> Wow!
>>>
>>> I'm looking for world wide money.
>>>
>>>
>>> tedd
>>>
>>
>>
>> Join the queue...
>>
>
> There's a queue? Bah humbug... I've been waiting for delivery all this
> time.
>
>
> Cheers,
> Rob.
> --
> E-Mail Disclaimer: Information contained in this message and any
> attached documents is considered confidential and legally protected.
> This message is intended solely for the addressee(s). Disclosure,
> copying, and distribution are prohibited unless authorized.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
I hear that there's this thing-a-ma-jig called the world wide web.. do we
really need a world WIDER web? maybe that's what they have in mind! <holds
cup out to african royalty>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--- End Message ---
--- Begin Message ---
On 14/09/2012 04:42, tamouse mailing lists wrote:
On Thu, Sep 13, 2012 at 9:32 PM, admin <ad...@buskirkgraphics.com> wrote:
It has been suggested:
That because php does not support PCNTL threading on Windows that
multiple services of php are an alternative.
I am interested in this theory, if anyone is currently working on a project
that (forks) processes off to another instance or service of PHP on windows
please let me know.
In some of my latest development I have some rather large processes that
consume the single instance of PHP, threading these off would be ideal.
Example:
$tmpsrv=win32_query =win32_create_service(array(
'params' => __FILE__." install",
'service' => 'Name_of_the_service',
'display' => 'Name of service to be displayed in the service list'
));
Any windows php developers have ideas, comments on this suggestion?
I'm interested in the answer to this as well.
https://github.com/krakjoe/pthreads
Windows Download on downloads page, it's a couple of days behind. Keep
watching ... enough to get you started ...
Sorry if this gets sent twice, the news server or my internet connection
dropped out ...
Enjoy
--- End Message ---
