Solved

Can php control access to a port?

Posted on 2014-11-15
14
82 Views
Last Modified: 2014-11-17
I've been searching but can't seem to find anything on this.
Can php directly control a tcp port and allow/deny access to it?

Basically, the idea is to have a php function which allows only curl authenticated connections to run a test against the iperf service on the server.

I guess I could allow the client by having php allow it's IP for the connection to the port using iptables but I am hoping there might be a simpler way where php could control access to the port or the service based on the client being authenticated.
0
Comment
Question by:projects
  • 7
  • 6
14 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 40445164
Check my server for _REMOTE_PORT here:
http://www.iconoun.com/phpinfo.php

You might be able to test for a value and make a programmatic decision based on the results.  But a better idea might include using RESTful API with client authentication in the request.  You might want to consider OAuth or similar.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445165
I don't believe it can.  That is a function of the operating system.  The networking software and 'iptables' are encountered long before any PHP code is run.  PHP gets it's request after all of that is done.
0
 

Author Comment

by:projects
ID: 40445167
All of my app is based on curl authentication which means at least I could let php know I am authorized to use such and such.

What ever the solution is, it needs to control that port or service right?
0
 

Author Comment

by:projects
ID: 40445172
@Dave;

>The networking software and 'iptables' are encountered long before any PHP code is run.  
>PHP gets it's request after all of that is done.

Yes but once a client is authenticated, anything could be changed. Its IP could be allowed in iptables and reloaded very quickly.

However, I would want something where the port is always fully open but where php controls access to it.
Thing is, as mentioned before, that implies that php would have to somehow have full control of that port.
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 40445176
I don't think that is ever going to happen.  Networking and ports are controlled by 'root' and PHP is normally restricted to the web server.  Giving PHP 'root' access is just a really bad idea.  You need to reboot this plan and figure out something else.
0
 

Author Comment

by:projects
ID: 40445182
You're right about not giving php root access but I would not do that.
That's why I'm here looking for ideas by posting :)
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445197
Why are you trying to use PHP?  I have no idea what a 'curl authenticated connection' is.  Do you have your own server to run this on?

Since iperf must run on both ends of the connection, SSH sounds like an alternative to me.  The problem there is restricting access to run iperf.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:projects
ID: 40445213
Php is in the mix because the clients are connecting using authenticated curl to php .
Yes, it's running on my own server.
Using ssh or iperf on the clients, I'm not sure how that restricts access to the clients only. As you mention, that is in fact the question. Trying to find a way of allowing only authenticated clients to run iperf.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445307
You have to use iperf on the clients because that is the client side of the test.  iperf on the client (in client mode) connects to iperf on the server (in server mode) to run the tests.  http://openmaniak.com/iperf.php
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445313
I was looking to set up iperf on my systems here and ran into iperf2 and iperf3.  While iperf3 is the most current version, GitHub says that Windows is not yet supported in iperf3.  Iperf2 is supported for both Linux and Windows and Mac so maybe I'll try that.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40445332
I installed iperf2 on a Linux box and on this Windows machine.  I used the Linux box as the server and this machine as the client.  In the most basic test, it tells me that I have 80.3 Mbits/sec connection.
0
 

Author Comment

by:projects
ID: 40445832
Yes, the clients ARE acting as the clients, using -c.
Yes, the whole thing is using Linux. I fear MS anything what so ever.

The tests run just fine but the problem is needing to block public, allowing only my own devices.

The question is how to protect iperf from being abused, allowing only my own authenticated devices to use iperf. The clients (devices) are my own out in the field which need to connect to my server to run their test.

I do not know their IP's BUT php does when the client authenticates for access. I could use that information to quickly allow that IP over iptables for example but since I could have hundreds of devices connecting at the same time, that might not work very well. I don't know if iptables can use an external list of IP's for example, that could work.

Anyhow, looking to cobble something together which will allow only my own devices to use iperf.
0
 

Author Comment

by:projects
ID: 40445968
@Ray;

I don't see anything for remote_port in the link you sent me. I also can't find anything about that searching the net, other than finding the remote port of an incoming connection.
0
 

Author Closing Comment

by:projects
ID: 40448691
In the end, giving php access to controlling iptables is a bad idea, which is a good point. I have found another way of doing this so no need to get weird with php :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now