Solved

Can php control access to a port?

Posted on 2014-11-15
14
87 Views
Last Modified: 2014-11-17
I've been searching but can't seem to find anything on this.
Can php directly control a tcp port and allow/deny access to it?

Basically, the idea is to have a php function which allows only curl authenticated connections to run a test against the iperf service on the server.

I guess I could allow the client by having php allow it's IP for the connection to the port using iptables but I am hoping there might be a simpler way where php could control access to the port or the service based on the client being authenticated.
0
Comment
Question by:projects
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
14 Comments
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 40445164
Check my server for _REMOTE_PORT here:
http://www.iconoun.com/phpinfo.php

You might be able to test for a value and make a programmatic decision based on the results.  But a better idea might include using RESTful API with client authentication in the request.  You might want to consider OAuth or similar.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445165
I don't believe it can.  That is a function of the operating system.  The networking software and 'iptables' are encountered long before any PHP code is run.  PHP gets it's request after all of that is done.
0
 

Author Comment

by:projects
ID: 40445167
All of my app is based on curl authentication which means at least I could let php know I am authorized to use such and such.

What ever the solution is, it needs to control that port or service right?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:projects
ID: 40445172
@Dave;

>The networking software and 'iptables' are encountered long before any PHP code is run.  
>PHP gets it's request after all of that is done.

Yes but once a client is authenticated, anything could be changed. Its IP could be allowed in iptables and reloaded very quickly.

However, I would want something where the port is always fully open but where php controls access to it.
Thing is, as mentioned before, that implies that php would have to somehow have full control of that port.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 40445176
I don't think that is ever going to happen.  Networking and ports are controlled by 'root' and PHP is normally restricted to the web server.  Giving PHP 'root' access is just a really bad idea.  You need to reboot this plan and figure out something else.
0
 

Author Comment

by:projects
ID: 40445182
You're right about not giving php root access but I would not do that.
That's why I'm here looking for ideas by posting :)
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445197
Why are you trying to use PHP?  I have no idea what a 'curl authenticated connection' is.  Do you have your own server to run this on?

Since iperf must run on both ends of the connection, SSH sounds like an alternative to me.  The problem there is restricting access to run iperf.
0
 

Author Comment

by:projects
ID: 40445213
Php is in the mix because the clients are connecting using authenticated curl to php .
Yes, it's running on my own server.
Using ssh or iperf on the clients, I'm not sure how that restricts access to the clients only. As you mention, that is in fact the question. Trying to find a way of allowing only authenticated clients to run iperf.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445307
You have to use iperf on the clients because that is the client side of the test.  iperf on the client (in client mode) connects to iperf on the server (in server mode) to run the tests.  http://openmaniak.com/iperf.php
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445313
I was looking to set up iperf on my systems here and ran into iperf2 and iperf3.  While iperf3 is the most current version, GitHub says that Windows is not yet supported in iperf3.  Iperf2 is supported for both Linux and Windows and Mac so maybe I'll try that.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445332
I installed iperf2 on a Linux box and on this Windows machine.  I used the Linux box as the server and this machine as the client.  In the most basic test, it tells me that I have 80.3 Mbits/sec connection.
0
 

Author Comment

by:projects
ID: 40445832
Yes, the clients ARE acting as the clients, using -c.
Yes, the whole thing is using Linux. I fear MS anything what so ever.

The tests run just fine but the problem is needing to block public, allowing only my own devices.

The question is how to protect iperf from being abused, allowing only my own authenticated devices to use iperf. The clients (devices) are my own out in the field which need to connect to my server to run their test.

I do not know their IP's BUT php does when the client authenticates for access. I could use that information to quickly allow that IP over iptables for example but since I could have hundreds of devices connecting at the same time, that might not work very well. I don't know if iptables can use an external list of IP's for example, that could work.

Anyhow, looking to cobble something together which will allow only my own devices to use iperf.
0
 

Author Comment

by:projects
ID: 40445968
@Ray;

I don't see anything for remote_port in the link you sent me. I also can't find anything about that searching the net, other than finding the remote port of an incoming connection.
0
 

Author Closing Comment

by:projects
ID: 40448691
In the end, giving php access to controlling iptables is a bad idea, which is a good point. I have found another way of doing this so no need to get weird with php :)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Recently, an awarded photographer, Selina De Maeyer (http://www.selinademaeyer.com/), completed a photo shoot of a beautiful event (http://www.sintjacobantwerpen.be/verslag-en-fotoreportage-van-de-sacramentsprocessie-door-antwerpen#thumbnails) in An…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question