Edit report at https://bugs.php.net/bug.php?id=63076&edit=1
 ID:                 63076
 User updated by:    tonix at interazioni dot it
 Reported by:        tonix at interazioni dot it
 Summary:            Force source IP on network operations
-Status:             Feedback
+Status:             Open
 Type:               Feature/Change Request
 Package:            Network related
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

bindto looks to be a programming option.
I'm asking for a PHP directive, similar to OPEN_BASEDIR, which will force the
bind address for any function opening/creating a socket or network connection.
This should be imposed by the system manager, when there is a
multidomain/multiIP apache.

It would be useful to have something like:

BIND_IP 'x.x.x.x' (specific IP to be used for binding)
BIND_LISTEN (force use of IP on which the apache connection is received)


Previous Comments:
------------------------------------------------------------------------
[2012-09-13 01:09:38] ahar...@php.net

You can already do this for any function that accepts a stream context via the
bindto context option. Is there a specific case that isn't covered?

------------------------------------------------------------------------
[2012-09-12 20:08:00] tonix at interazioni dot it

Description:
------------
It would be nice to have a new security feature in PHP.
Actually, a web server receives connections from a specific IP/port, but any
PHP script can use any available address on outgoing connections. This can be
a security problem.
It should be possible to 'force' PHP to open connections only with a specific
IP or with the listening IP. This helps to prevent such problems:

* if you have internal interfaces in the same machine where you have public
  IPs, a web PHP application could try to use the internal address of the
  interface, exploring the internal network (actually we avoid that thanks to
  FreeBSD jails).
* if apache listens on a specific IP for a single domain, and listens on other
  IPs for other domains, it would be safe if each domain can use as source IP
  only the listening IP associated.
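
The bindto socket context option mentioned in the thread, shown as an added example (not code from the bug report or from PHP itself): it pins the source address of one stream and then checks the address the kernel actually used. The helper name connect_from and the loopback listener are assumptions made so the example runs offline; IPv4 only.

```php
<?php
// Added example: connect_from() and $sourceIp are hypothetical names.

/**
 * Open a TCP client stream whose local (source) address is pinned with the
 * "bindto" socket context option, then verify the kernel really used it.
 */
function connect_from(string $sourceIp, string $remote, float $timeout = 5.0)
{
    // Port 0 lets the OS pick an ephemeral source port on the chosen IP.
    $ctx = stream_context_create(['socket' => ['bindto' => $sourceIp . ':0']]);

    $stream = @stream_socket_client($remote, $errno, $errstr, $timeout,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($stream === false) {
        throw new RuntimeException("connect from $sourceIp failed: $errstr ($errno)");
    }

    // false = local end of the socket, returned as "ip:port".
    $local   = stream_socket_get_name($stream, false);
    $localIp = substr($local, 0, strrpos($local, ':'));
    if ($localIp !== $sourceIp) {
        fclose($stream);
        throw new RuntimeException("expected source $sourceIp, got $localIp");
    }
    return $stream;
}

// Constructed offline demo: a throwaway listener on loopback stands in for
// the remote service; on a multi-IP host pass the vhost's own address.
$server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr);
$remote = 'tcp://' . stream_socket_get_name($server, false);

$client = connect_from('127.0.0.1', $remote);
$peer   = stream_socket_accept($server, 1, $peerName);

// The listener sees the connection arriving from the pinned source IP.
echo "local end: ", stream_socket_get_name($client, false), "\n";
echo "seen by server as: ", $peerName, "\n";
```

The context is created by the script that opens the connection, so this is the per-call "programming option" the thread contrasts with an administrator-imposed directive.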