Solved

Can php control access to a port?

Posted on 2014-11-15
14
80 Views
Last Modified: 2014-11-17
I've been searching but can't seem to find anything on this.
Can php directly control a tcp port and allow/deny access to it?

Basically, the idea is to have a php function which allows only curl authenticated connections to run a test against the iperf service on the server.

I guess I could allow the client by having php allow it's IP for the connection to the port using iptables but I am hoping there might be a simpler way where php could control access to the port or the service based on the client being authenticated.
0
Comment
Question by:projects
  • 7
  • 6
14 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
Comment Utility
Check my server for _REMOTE_PORT here:
http://www.iconoun.com/phpinfo.php

You might be able to test for a value and make a programmatic decision based on the results.  But a better idea might include using RESTful API with client authentication in the request.  You might want to consider OAuth or similar.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I don't believe it can.  That is a function of the operating system.  The networking software and 'iptables' are encountered long before any PHP code is run.  PHP gets it's request after all of that is done.
0
 

Author Comment

by:projects
Comment Utility
All of my app is based on curl authentication which means at least I could let php know I am authorized to use such and such.

What ever the solution is, it needs to control that port or service right?
0
 

Author Comment

by:projects
Comment Utility
@Dave;

>The networking software and 'iptables' are encountered long before any PHP code is run.  
>PHP gets it's request after all of that is done.

Yes but once a client is authenticated, anything could be changed. Its IP could be allowed in iptables and reloaded very quickly.

However, I would want something where the port is always fully open but where php controls access to it.
Thing is, as mentioned before, that implies that php would have to somehow have full control of that port.
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
Comment Utility
I don't think that is ever going to happen.  Networking and ports are controlled by 'root' and PHP is normally restricted to the web server.  Giving PHP 'root' access is just a really bad idea.  You need to reboot this plan and figure out something else.
0
 

Author Comment

by:projects
Comment Utility
You're right about not giving php root access but I would not do that.
That's why I'm here looking for ideas by posting :)
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Why are you trying to use PHP?  I have no idea what a 'curl authenticated connection' is.  Do you have your own server to run this on?

Since iperf must run on both ends of the connection, SSH sounds like an alternative to me.  The problem there is restricting access to run iperf.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:projects
Comment Utility
Php is in the mix because the clients are connecting using authenticated curl to php .
Yes, it's running on my own server.
Using ssh or iperf on the clients, I'm not sure how that restricts access to the clients only. As you mention, that is in fact the question. Trying to find a way of allowing only authenticated clients to run iperf.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
You have to use iperf on the clients because that is the client side of the test.  iperf on the client (in client mode) connects to iperf on the server (in server mode) to run the tests.  http://openmaniak.com/iperf.php
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I was looking to set up iperf on my systems here and ran into iperf2 and iperf3.  While iperf3 is the most current version, GitHub says that Windows is not yet supported in iperf3.  Iperf2 is supported for both Linux and Windows and Mac so maybe I'll try that.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
I installed iperf2 on a Linux box and on this Windows machine.  I used the Linux box as the server and this machine as the client.  In the most basic test, it tells me that I have 80.3 Mbits/sec connection.
0
 

Author Comment

by:projects
Comment Utility
Yes, the clients ARE acting as the clients, using -c.
Yes, the whole thing is using Linux. I fear MS anything what so ever.

The tests run just fine but the problem is needing to block public, allowing only my own devices.

The question is how to protect iperf from being abused, allowing only my own authenticated devices to use iperf. The clients (devices) are my own out in the field which need to connect to my server to run their test.

I do not know their IP's BUT php does when the client authenticates for access. I could use that information to quickly allow that IP over iptables for example but since I could have hundreds of devices connecting at the same time, that might not work very well. I don't know if iptables can use an external list of IP's for example, that could work.

Anyhow, looking to cobble something together which will allow only my own devices to use iperf.
0
 

Author Comment

by:projects
Comment Utility
@Ray;

I don't see anything for remote_port in the link you sent me. I also can't find anything about that searching the net, other than finding the remote port of an incoming connection.
0
 

Author Closing Comment

by:projects
Comment Utility
In the end, giving php access to controlling iptables is a bad idea, which is a good point. I have found another way of doing this so no need to get weird with php :)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now