I have a server running httpd for several websites. Using the top command, I found many httpd processes exhaust memory. Using the netstat command, I found the httpd processes are connecting to an external ip address. Is it possible to locate the (php) script(s)/functions that issue the connections?
Asked
Active
Viewed 149 times
1
-
4When you restrict outgoing connections via the firewall you should get errors in the server log. – Gerald Schneider Nov 13 '22 at 17:02
-
@GeraldSchneider I added a proxy virtual host to httpd.conf and added http_proxy=http://localhost:3128/ to /etc/environment to try to catch the outbound connection made by file_get_contents of php, but it does not work. See my another question:https://serverfault.com/questions/1115758/how-to-configure-a-system-wide-proxy-for-php-file-get-contents-on-centos – peter Nov 16 '22 at 06:43
-
Whats wrong with iptables denying `--uid-owner` or `--cmd-owner`? – Gerald Schneider Nov 16 '22 at 06:50
1 Answers
1
Restrict outgoing connection from the webserver via the system firewall:
iptables -A OUTPUT -p tcp -m owner --uid-owner apache -j REJECT
ip6tables -A OUTPUT -p tcp -m owner --uid-owner www-data -j REJECT
(This is for CentOS, for Ubuntu the default username for Apache2 is www-data instead of apache)
Example error message from the error log file:
PHP Warning: file_get_contents(https://icanhazip.com): failed to open stream: Connection timed out in /var/www/html/test/index.php on line 3
You get the script name and the line with the function call.
Gerald Schneider
- 23,274
- 8
- 57
- 89