Edit report at https://bugs.php.net/bug.php?id=63076&edit=1

 ID:                 63076
 Updated by:         ahar...@php.net
 Reported by:        tonix at interazioni dot it
 Summary:            Force source IP on network operations
-Status:             Open
+Status:             Feedback
 Type:               Feature/Change Request
-Package:            Safe Mode/open_basedir
+Package:            Network related
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

You can already do this for any function that accepts a stream context via the
bindto context option. Is there a specific case that isn't covered?

Previous Comments:
------------------------------------------------------------------------
[2012-09-12 20:08:00] tonix at interazioni dot it

Description:
------------
It would be nice to have a new security feature in PHP.

Actually, a web server receives connections from a specific IP/port, but any
PHP script can use any available address on outgoing connections. This can be
a security problem.

It should be possible to 'force' PHP to open connections only with a specific
IP or with the listening IP. This helps to prevent such problems:

* if you have internal interfaces in the same machine where you have public
  IPs, a web PHP application could try to use the internal address of the
  interface, exploring the internal network (actually we avoid that thanks to
  FreeBSD jails).

* if apache listens on a specific IP for a single domain, and listens on other
  IPs for other domains, it would be safe if each domain can use as source IP
  only the listening IP associated.

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=63076&edit=1
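
The bindto socket context option mentioned in the new comment, as an added example that is not part of the bug report or of PHP's own code. It runs against a loopback listener and shows the source address the server sees with and without the option, which the calling script sets per stream context. The helper `connect_from()` and the address 127.0.0.2 are assumptions (Linux routes all of 127.0.0.0/8 to loopback; elsewhere substitute an address configured on the host).

```php
<?php
// Assumed source address for the demo; must be configured on the local host.
const SOURCE_IP = '127.0.0.2';

// Local listener standing in for the remote service; port 0 = OS picks a free port.
$server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr);
if ($server === false) {
    exit("listen failed: $errstr\n");
}
$listenAddr = stream_socket_get_name($server, false); // "host:port" of the listener

// Hypothetical helper: open a TCP connection, optionally pinning the source IP.
function connect_from(string $target, ?string $sourceIp)
{
    $opts = [];
    if ($sourceIp !== null) {
        // "ip:0" pins the address and leaves the source port to the OS.
        $opts['socket'] = ['bindto' => $sourceIp . ':0'];
    }
    $ctx = stream_context_create($opts);
    return stream_socket_client(
        "tcp://$target", $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $ctx
    );
}

foreach ([null, SOURCE_IP] as $src) {
    $client = connect_from($listenAddr, $src);
    if ($client === false) {
        // bind() fails here when the address is not configured on this host.
        printf("bindto=%s -> connection failed\n", $src ?? '(none)');
        continue;
    }
    // The listener reports the peer address the connection arrived from.
    $conn = stream_socket_accept($server, 5, $peer);
    printf("bindto=%s -> server sees peer %s\n", $src ?? '(none)', $peer);
    if ($conn !== false) {
        fclose($conn);
    }
    fclose($client);
}
fclose($server);
```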