PHP – How to allow PHP outgoing connections only to a specific server

Tags: apache-2.2, iptables, PHP

On a Red Hat-based host running a fairly recent Apache and PHP 5.2, we are using the solr-php-client library to connect to an external Solr server. This library requires the PHP directive allow_url_fopen to be enabled. Therefore, I would like to disable outgoing PHP connections via iptables, other than connections to the necessary server.

Googling for an appropriate iptables rule leads down many wrong paths. What rule would allow PHP to connect via CURL or fopen() to a specific server, but no other?

Thank you.

Best Answer

How about using an iptables rule that filters not only on the destination address/port but also on the source user?

# Let replies on already-open connections through (any user)
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Apache's uid may open new connections only to the Solr server (give its IP; a hostname is resolved once, when the rule is added)
iptables -A OUTPUT -m owner --uid-owner uidForYourApacheUser -p tcp --dport 80 -d yourServerIp -j ACCEPT
# Everything else from that uid is refused; no -p/--dport here, otherwise only port 80 would be blocked
iptables -A OUTPUT -m owner --uid-owner uidForYourApacheUser -j REJECT

If needed you can use suPHP to run just your Solr scripts under a different uid than your Apache.
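The owner-match approach above has two ways to go quietly wrong: the REJECT ends up before the ACCEPT (Solr becomes unreachable), or the REJECT is limited to one port or protocol (every other port stays open). The script below is an added example, not code from the answer or from the solr-php-client project: gen_rules prints the OUTPUT rules for a given web server uid and Solr address, and check_rules audits a saved `iptables -S OUTPUT` listing for both mistakes. The uid 48, the addresses 10.0.0.5 and 10.0.0.2, port 8983 and the two function names are assumptions chosen for the example; the iptables listing fed to check_rules in the usage below is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the original answer.
#   gen_rules   prints the OUTPUT rules for a given Apache uid and Solr address
#   check_rules audits a saved `iptables -S OUTPUT` listing for the two mistakes
#               that quietly defeat the policy: a REJECT that sits before the
#               ACCEPT, and a REJECT limited to one port/protocol.
# uid 48, 10.0.0.5, 10.0.0.2 and port 8983 below are placeholders (assumptions).

# Usage: gen_rules <uid|user> <solr_ip> <solr_port> [dns_ip]
# Apply as root with:  gen_rules 48 10.0.0.5 8983 | sh
gen_rules() {
    uid=$1; ip=$2; port=$3; dns=$4
    [ -n "$uid" ] && [ -n "$ip" ] || { echo "usage: gen_rules uid ip port [dns_ip]" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1;; esac
    # Replies on connections that are already open (any user) keep flowing.
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The only new connection the web server uid may open: the Solr server.
    # Give an IP address; a hostname here is resolved once, when the rule is added.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -p tcp --dport $port -d $ip -j ACCEPT"
    # PHP that resolves hostnames itself also needs DNS from the same uid.
    [ -n "$dns" ] && echo "iptables -A OUTPUT -m owner --uid-owner $uid -p udp --dport 53 -d $dns -j ACCEPT"
    # Catch-all: no -p/--dport, so every other protocol and port from that uid
    # is refused, not just port 80.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j REJECT"
}

# Usage: check_rules <uid|user> <solr_ip> <file>   (file = output of `iptables -S OUTPUT`)
# Returns 0 only if an ACCEPT for <solr_ip> from <uid> precedes a catch-all
# REJECT for <uid> (one with no -p, no -d and no --dport).
check_rules() {
    uid=$1; ip=$2; file=$3
    # Line number of the first ACCEPT that names both the uid and the Solr host.
    # `iptables -S` reorders options, so the three greps are order-independent.
    accept=$(grep -n -- "-j ACCEPT" "$file" | grep -- "--uid-owner $uid " | grep -- "-d $ip[/ ]" | head -n 1 | cut -d: -f1)
    # Line number of the first REJECT for the uid that is not narrowed to a
    # protocol (" -p ") or destination (" -d "); "--dport" implies "-p".
    reject=$(grep -n -- "-j REJECT" "$file" | grep -- "--uid-owner $uid " | grep -v -- " -p " | grep -v -- " -d " | head -n 1 | cut -d: -f1)
    [ -n "$accept" ] || { echo "no ACCEPT for uid $uid to $ip" >&2; return 1; }
    [ -n "$reject" ] || { echo "no catch-all REJECT for uid $uid: other ports/protocols are still open" >&2; return 1; }
    [ "$accept" -lt "$reject" ] || { echo "REJECT (line $reject) precedes ACCEPT (line $accept): Solr is unreachable" >&2; return 1; }
    return 0
}

# Usage on a live host (as root):
#   gen_rules 48 10.0.0.5 8983 10.0.0.2 | sh
#   iptables -S OUTPUT > /tmp/output.rules && check_rules 48 10.0.0.5 /tmp/output.rules
# Then confirm from the web server's uid:  su -s /bin/sh apache -c 'curl -sS http://10.0.0.5:8983/'
# should succeed, while the same curl against any other host is refused.
```

A port-limited REJECT, as in the original three-rule version, makes check_rules fail with the "no catch-all REJECT" message; the live curl check above is the test to run after every rule change, since `-m owner` is only evaluated in the OUTPUT chain and a rule placed in FORWARD or INPUT by mistake silently matches nothing.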