On 14/09/2012 20:08, Curtis Maurand wrote:
> On 9/14/2012 7:20 AM, Ian wrote:
>> On 12/09/2012 14:53, Tonix (Antonio Nati) wrote:
>>> Is there a way to force a PHP script to bind to a prefixed IP?
>>>
>>> Actually, while you can assign more IPs to Apache for listening,
>>> assigning domains to specific IPs, it looks like any PHP script can
>>> freely choose which IP to bind to. Instead, I'd love for some domains to be
>>> permitted to open connections only from the domain IP.
>>>
>>> In FreeBSD I do it easily, setting up dedicated jails for domains. But
>>> how to do it simply using PHP on Linux?
>>>
>>> Regards,
>>>
>>> Tonino
>> Hi,
>>
>> I think it's been established now that this cannot be done by any PHP
>> configuration so you will have to use other methods.
>>
>>
>> You could configure iptables to only allow outgoing packets from
>> specific IPs using the 'owner' module:
>>
>> http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html
>>
>>   (search for 'owner').
>>
>>
>> There is also SELinux.
>>
>>
>> Or you could look at container based virtualisation like OpenVZ.
>>
>>
>> Regards
>>
>> Ian
> 
> if (function_exists('stream_context_create') &&
>     function_exists('stream_socket_client')) {
>     // Bind the outgoing socket to a chosen local IP (port 0 = any port).
>     $socket_options = array('socket' => array('bindto' => '192.0.2.1:0'));
>     $socket_context = stream_context_create($socket_options);
>     $socket = stream_socket_client('ssl://xmlapi.example.org:9090', $errno,
>         $errstr, 30, STREAM_CLIENT_CONNECT, $socket_context);
> } else {
>     // Fallback without a stream context: the source IP cannot be chosen here.
>     $socket = @fsockopen("ssl://xmlapi.example.org", 9090, $errno,
>         $errstr, 30);
> }
> 
> Google is your friend.
> 
> 
Hi Curtis,

I am suffering from sleep deprivation due to a new family addition and I
fail to see how your code will prevent a malicious user from binding to
an IP that I do not want him to.  It appears to be an example of how to
bind to an IP, not how to prevent it.

Could you please explain?

Regards

Ian
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
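
A sketch of the iptables 'owner' approach Ian mentions, added here as an example and not written by anyone in this thread. It assumes each domain's PHP runs under its own Unix account (the site_a/site_b names and the user-to-IP map are constructed), and it only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that reject outbound
# packets from a site's Unix user unless the source IP is that site's own.
# Assumption: every site's PHP runs under a separate Unix account.

# Constructed sample map, one "<unix user> <allowed source IP>" per line.
SITE_MAP='site_a 192.0.2.1
site_b 192.0.2.2'

# Accept only dotted-quad IPv4 literals so nothing else reaches the rule text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit one REJECT rule per valid map entry; invalid entries are reported
# on stderr and skipped. Loopback traffic is left alone ("! -o lo").
emit_rules() {
    printf '%s\n' "$1" | while read -r user ip; do
        case "$user" in
            ''|*[!A-Za-z0-9_-]*) echo "skipped: bad user name" >&2; continue ;;
        esac
        if valid_ipv4 "$ip"; then
            echo "iptables -A OUTPUT ! -o lo -m owner --uid-owner $user ! -s $ip -j REJECT"
        else
            echo "skipped: bad IP for $user" >&2
        fi
    done
}

emit_rules "$SITE_MAP"
```

With such rules loaded, a script that binds to another domain's address (as the bindto snippet quoted above can) has its packets rejected. Sockets left unbound are rejected too whenever the kernel's default source address differs from the site's IP, DNS lookups to a non-loopback resolver included.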