Ok, I did find a solution by accident.
I just blocked all tcp requests on port 80 and 443 coming from my own
outside IP. Since I have a couple of servers, I just dropped the
following into rc.local on all of them:
# Blocking url_fopen requests
ownip=`curl -s http://checkip.dyndns.org | awk '{
Thanks for the info.
I read through the very interesting post, but I did not find it to be a
solution for my problem.
I tried to limit connections with iptables, but it did not work out. I'm
not an expert at this, I tried like it is described here:
http://www.linux-noob.com/forums/index.php?sh
I know that the same is possible using curl, but with url_fopen on it's
just way easier.
We also already use the suhosin patch & extension, but there is no
directive to limit fopen, you can just limit include directives.
We also have a limited number of requests, but that's not the point. The
I might be wrong but I think your problem goes beyond allowing URLs in
fopen. A user could just as well use cURL to build a self-calling script.
You might need to put a filter on apache on the number of requests (what's
the version of apache?).
The usual problem with allowing URLs in fopen and in