Scenario
I have two folders on an Apache2 server running mod_php using PHP5.
Scripts in folder A should be allowed to make outgoing requests over the network: DB (PDO), SOAP, curl, etc.
Scripts in folder B should only be allowed to make outgoing requests to a specific list of IP addresses.
Possible Solutions
- Run multiple logical boxes and consider the problem a firewall issue.
- Drastically modify PHP/mod_php/Apache.
- Use suPHP to change UID, then use iptables to block based on UID.
Option 1 is at least feasible, whereas option 2 is unmaintainable long term.
I’m wondering if I’m missing solutions here. I have a decent knowledge of how PHP and Apache interact, but I’m unaware if there is some way to create such behavior through configuration. Also, my limited knowledge of Linux firewalls doesn’t indicate any way to do such a task without separating the PHP scripts onto two separate Apache installations anyway.
If you have any suggestions drop me a line at scott.markwell@gmail.com
Other Information
php.ini doesn’t provide any configuration options to limit outgoing requests.
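A sketch of the third option above (suPHP plus iptables by UID), as an added example that is not part of the original post. It assumes folder B's scripts run under a dedicated user, here the constructed name `php_b`, that the iptables `owner` match is available, and uses constructed documentation-range addresses as the allowed list.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints iptables
# commands; review the output, then run it as root.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the already-validated address into octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_egress_rules USER IP...: print rules limiting USER's egress to IP...
gen_egress_rules() {
    user=$1; shift
    # Validate inputs so nothing unexpected lands in the generated commands.
    printf '%s\n' "$user" | grep -Eq '^[a-z_][a-z0-9_-]*$' || {
        echo "invalid user name: $user" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no allowed addresses given" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    chain="EGRESS_$user"
    echo "iptables -N $chain"
    for ip in "$@"; do
        echo "iptables -A $chain -d $ip -j ACCEPT"
    done
    # Anything not on the list is refused. DNS lookups made by the scripts
    # are matched too, so the resolver must be listed if hostnames are used.
    echo "iptables -A $chain -j REJECT"
    # Hook the chain in last, so it is complete before traffic reaches it.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j $chain"
    # iptables covers IPv4 only: refuse all IPv6 egress for this user.
    echo "ip6tables -A OUTPUT -m owner --uid-owner $user -j REJECT"
}

# Constructed sample: user "php_b" and documentation-range addresses.
gen_egress_rules php_b 203.0.113.10 198.51.100.7
```

Scripts in folder A keep running under the normal Apache user and are not matched by the owner rule, so their outgoing requests are unaffected.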