I want to get the source endpoint .
Basically i want to block some ips by geting the port/ip from tcp/ip headers not from http header. Are there any built in methods for PHP to achieve that or i should do a workaround ?
If you are just looking to block some IP from your website the $_SERVER['REMOTE_ADDR'] variable holds the IP. If you need to block the request before it even gets to your webserver, GordonM is right, a firewall is what you need.
PHP is too high up the networking stack to do this. Once the PHP script starts the connection is already initiated. If you want to block certain IP/port combinations then you have to do it at a lower level in the network stack. A firewall is built for exactly this job, you need to set one up to enforce the restrictions you want.
Related
Is there a way to detect if a bot is scanning your website/server for open ports with PHP? I googled this but i only found scripts to make a port scanner with php.
PHP is probably not the best language to do this as PHP mainly just meant to run whenever a client makes a request.
I imagine you'd need to interface with the OS directly to do this to capture network traffic on specific ports, which isn't one of PHPs strongsuits either.
You can then either try to inspect the incoming payload and determine whether it is a port scanner. Or you could keep a log with to count the total amount of different ports a single machine has connected to and block based on that.
I'm looking to crawl different URLs from different countries programatically through PHP so I can record where they go. This will be to check to make sure the links really go to where they should go to. (Not a dead link, ect.) The URL will automatically route me elsewhere if the specified country doesn't match so I'm looking for a VPN service with multiple countries that accepts requests from PHP. Something I can send simple requests to visit a URL and just tell me back the URLs it jumped through to get there and which URL it ended on.
I understand PHP doesn't care what IP I'm on but maybe there is a service out there that does this. Can anyone point me in the right direction of a service that works like that or maybe have a better solution for doing this? It can't be manual solution. It must be something that can work with code automatically.
Thanks!
I recommended to use any VPN service offering SOCKS-proxies or OpenVPN. Both options are well documеnted and don't require extraordinary skills or privileges to run.
Usually those services offer tons of ready to use configuration files, so you'll be able to easily switch exit gateway countries from your scripts.
The largest VPN provider is hidemyass.com, the list of alternatives you can google or find here: https://vpntips.com/hidemyass-alternatives/
Another option is to use TOR network and choose exit countries. Yes, it has such option: https://www.torproject.org/docs/faq.html.en#ChooseEntryExit .
But TOR is usually overloaded and will give you many false failures, timeouts and a full range of other connectivity troubles.
Is there a simple way to detect all outside calls from PHP?
In an open sourced project I have a lot of 3rd party scripts. With use of new relic I was able to debug long execution times leading back to some of this scripts making calls back to their servers.
I dont mind this but I want to know what data this scripts are sending and most of all I dont want to have slow site when 3rd party script server is down or not accessible.
Is there an easy way to log all curl, file get contents etc requests?
Thanks!
You are searching for a packet sniffer. Usually you'll use tcpdump and/or wireshark.
http://wiki.ubuntuusers.de/tcpdump
https://www.wireshark.org/
There are many solutions, but my preferred is
You build your own proxy : example a dedicated Apache Server (it can running in the same IP but different port who will handle this type of operations). After that, you change all of your old URL to pass by your proxy
Imagine that you have this in your code : curl_init('www.google.com'); so you have to change it by: curl_init('http://localhost:8090/CALLS_OUTSIDE_PHP_CONTROLLER.php?url_to_redirect=www.google.com');
The PHP controller running under 8090 can do many operations as : blacklist/whitelist some urls, doing regular URL check in background... many cool stuff
I will try to make my first post here as interesting as possible.
Lately I have been interested in the feasibility of handling WebSocket requests on a shared hosting server.
Please don't tell me "upgrade your plan". All this would be trivial on at least a VPS. I realize that.
As many know, shared hosts will...
Kill a daemon if they see one
Block usage of server sockets
Deny you shell access
Keep apache off limits (no module installations)
These restrictions eliminate phpwebsocket, python altogether. A no-daemon solution that masquerades as a web page is needed.
PHP being my favorite server-side language, I crafted a PHP websocket gateway posing as a web page.
So far I have been successful in sending the right headers for the handshake and streaming output (using output buffering), but I still can't figure out how to continue to read data after the initial request.
In short, I want to continue to receive data from the client even after the PHP script is started. I have tried reading the php://input pseudofile, but I can't seem to get any more reads out of it after the end of the GET. Is there any setting or hack that will allow this?
Thanks!
the short version: What you're trying to do is simply not possible.
the long version: the best you can get is a oneway communication channel that looks like a websocket connection in your browser, but that only works on one direction. From the server to the browser. The other direction will simply not work, because the webserver isn't aware that you're trying to use a different protocol than HTTP, and there is no way of telling it. At least not in the scenario you just outlined.
Your problem here is Apache itself. Once Apache has read the first HTTP request (the websocket handshake) it will continue reading from the TCP connection for any additional HTTP requests. Thus any new data send on the TCP connection will never be passed on to your script. This is necessary as the HTTP/1.1 protocol supports Keep-Alive by default meaning multiple Request/Response cycles are done on one TCP connection. The browser doesn't open a HTTP connection for each request (which was the default in HTTP/1.0). You can't change this behavior. To implement a websocket server you will need to setup your own socket.
After the WebSocket handshake is done, it works pretty much like regular sockets. There is no reason why Apache would allow unidirectional communication without headers.
I'm looking for a way to keep track of a HTTP 1.1 connection kept alive across requests, in order to get a ftp-like session.
The idea would be to have an authentication at first request, and then, keeping the authentication valid while the socket is still open (with HTTP 1.1 keep-alive feature).
I've been searching for such a solution without much success until here.
I'm looking for information, such as:
is there somewhere a socket ID available from apache in PHP?
is there a module allowing to add information to an HTTP 1.1 connection (something that could be used from PHP)?
Any other idea?
You can't do that.
I don't think Apache (or any web server, for that matter) exposes socket IDs to a PHP script. But it may be possible to uniquely identify a connection using $_SERVER['REMOTE_ADDR'] and $_SERVER['REMOTE_PORT'] because the same client can't initiate two connections to the same server from the same ephemeral port at the same time.
But even if you do this, the keep-alive session probably won't stay around long enough to allow for meaningful human interaction like FTP does. Most keep-alive sessions are automatically terminated after 5-15 seconds, depending on your web server's configuration. You may be able to tweak this, but it's a very bad idea to keep connections alive for longer than that, especially when using Apache with mod_php, because a long-lasting connection can monopolize server resources at the expense of other users. Besides, computers and routers tend to reuse ephemeral ports, so there's no guarantee that you're talking to the same user. Things get even more complicated when you take into account all the proxies and reverse proxies that people use every day.
Just use sessions and/or cookies. They always work.
If you are not limited to apache, and can simply run php scripts I think you can do it.
http://php.net/manual/en/book.sockets.php
PHP allows you to open a specific port and have low level read writes on it. This way you can write any existing or your own protocols.
For this particular situation, you can have apache running on a non-http port and listen the http port from custom PHP script. You shall then authenticate the request on connection; append a custom header(call it myauth) for user and then forward the request to apache. Make sure you filter out the myauth header while reading the original http request.