How can I locate the php script that issues outbound connections?

peter

11/13/23, 3:11 PM

I have a server running httpd for several websites. Using the top command, I found many httpd processes exhaust memory. Using the netstat command, I found the httpd processes are connecting to an external ip address. Is it possible to locate the (php) script(s)/functions that issue the connections?

149

1 + 3

php

httpd

apache-2.4

Gerald Schneider

11/13/23, 5:02 PM

When you restrict outgoing connections via the firewall you should get errors in the server log.

peter

11/16/23, 6:43 AM

@GeraldSchneider I added a proxy virtual host to httpd.conf and added http_proxy=http://localhost:3128/ to /etc/environment to try to catch the outbound connection made by file_get_contents of php, but it does not work. See my another question:https://serverfault.com/questions/1115758/how-to-configure-a-system-wide-proxy-for-php-file-get-contents-on-centos

Gerald Schneider

11/16/23, 6:50 AM

Whats wrong with iptables denying `--uid-owner` or `--cmd-owner`?

Score:1

Server

Gerald Schneider

11/16/23, 7:24 AM

Restrict outgoing connection from the webserver via the system firewall:

iptables -A OUTPUT -p tcp -m owner --uid-owner apache -j REJECT
ip6tables -A OUTPUT -p tcp -m owner --uid-owner www-data -j REJECT

(This is for CentOS, for Ubuntu the default username for Apache2 is www-data instead of apache)

Example error message from the error log file:

PHP Warning: file_get_contents(https://icanhazip.com): failed to open stream: Connection timed out in /var/www/html/test/index.php on line 3

You get the script name and the line with the function call.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can I locate the php script that issues outbound connections?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.