projects

Can php control access to a port?

I've been searching but can't seem to find anything on this.
Can php directly control a tcp port and allow/deny access to it?

Basically, the idea is to have a php function which allows only curl authenticated connections to run a test against the iperf service on the server.

I guess I could allow the client by having php allow its IP for the connection to the port using iptables but I am hoping there might be a simpler way where php could control access to the port or the service based on the client being authenticated.
PHP, Shell Scripting

Last Comment
projects

8/22/2022 - Mon
SOLUTION
Ray Paseur

Dave Baldwin

I don't believe it can. That is a function of the operating system. The networking software and 'iptables' are encountered long before any PHP code is run. PHP gets its request after all of that is done.
projects

ASKER
All of my app is based on curl authentication which means at least I could let php know I am authorized to use such and such.

Whatever the solution is, it needs to control that port or service, right?
projects

ASKER
@Dave;

>The networking software and 'iptables' are encountered long before any PHP code is run.
>PHP gets its request after all of that is done.

Yes but once a client is authenticated, anything could be changed. Its IP could be allowed in iptables and reloaded very quickly.

However, I would want something where the port is always fully open but where php controls access to it.
Thing is, as mentioned before, that implies that php would have to somehow have full control of that port.
ASKER CERTIFIED SOLUTION
Dave Baldwin

projects

ASKER
You're right about not giving php root access but I would not do that.
That's why I'm here looking for ideas by posting :)
Dave Baldwin

Why are you trying to use PHP?  I have no idea what a 'curl authenticated connection' is.  Do you have your own server to run this on?

Since iperf must run on both ends of the connection, SSH sounds like an alternative to me.  The problem there is restricting access to run iperf.
projects

ASKER
Php is in the mix because the clients are connecting using authenticated curl to php.
Yes, it's running on my own server.
Using ssh or iperf on the clients, I'm not sure how that restricts access to the clients only. As you mention, that is in fact the question. Trying to find a way of allowing only authenticated clients to run iperf.
Dave Baldwin

You have to use iperf on the clients because that is the client side of the test.  iperf on the client (in client mode) connects to iperf on the server (in server mode) to run the tests.  http://openmaniak.com/iperf.php
Dave Baldwin

I was looking to set up iperf on my systems here and ran into iperf2 and iperf3.  While iperf3 is the most current version, GitHub says that Windows is not yet supported in iperf3.  Iperf2 is supported for both Linux and Windows and Mac so maybe I'll try that.
Dave Baldwin

I installed iperf2 on a Linux box and on this Windows machine.  I used the Linux box as the server and this machine as the client.  In the most basic test, it tells me that I have 80.3 Mbits/sec connection.
projects

ASKER
Yes, the clients ARE acting as the clients, using -c.
Yes, the whole thing is using Linux. I fear MS anything whatsoever.

The tests run just fine but the problem is needing to block public, allowing only my own devices.

The question is how to protect iperf from being abused, allowing only my own authenticated devices to use iperf. The clients (devices) are my own out in the field which need to connect to my server to run their test.

I do not know their IPs BUT php does when the client authenticates for access. I could use that information to quickly allow that IP over iptables for example but since I could have hundreds of devices connecting at the same time, that might not work very well. I don't know if iptables can use an external list of IPs for example, that could work.

Anyhow, looking to cobble something together which will allow only my own devices to use iperf.
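On the open question in the post above (whether iptables can consult an external list of IPs): that is what ipset provides, and a set with per-entry timeouts copes with hundreds of short-lived entries behind one static rule. The sketch below is an added example, not code from any participant in this thread and not the undisclosed solution the asker mentions later. It assumes a small root-owned helper that the web application may invoke through a single sudoers entry; the set name, TTL, sub-command names and the port (5001, the iperf2 default) are assumptions.

```shell
#!/bin/sh
# Added example: narrow privileged helper; the web app never touches iptables itself.
SET_NAME=iperf_allow   # hypothetical ipset name
IPERF_PORT=5001        # iperf2 default port (assumption; iperf3 uses 5201)
TTL=120                # seconds an authenticated IP stays allowed

# With DRY_RUN set, print the command instead of executing it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Return 0 only for a strict dotted-quad IPv4 address (octets 0-255, no leading zeros).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# One-time setup as root: only members of the set may reach the iperf port.
setup() {
    run ipset create "$SET_NAME" hash:ip timeout "$TTL" -exist
    run iptables -A INPUT -p tcp --dport "$IPERF_PORT" -m set --match-set "$SET_NAME" src -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$IPERF_PORT" -j DROP
}

# Called once per authenticated client; the kernel expires the entry after TTL seconds.
allow_ip() {
    valid_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 1; }
    run ipset add "$SET_NAME" "$1" timeout "$TTL" -exist
}

case "${1:-}" in
    setup) setup ;;
    allow) allow_ip "${2:-}" ;;
esac
```

The helper accepts nothing but a validated address, so a compromised PHP process can add short-lived allow entries but cannot rewrite firewall rules.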
projects

ASKER
@Ray;

I don't see anything for remote_port in the link you sent me. I also can't find anything about that searching the net, other than finding the remote port of an incoming connection.
projects

ASKER
In the end, giving php access to controlling iptables is a bad idea, which is a good point. I have found another way of doing this so no need to get weird with php :)