Limit IPs that have access to PHP built-in server

Question

Is it possible to whitelist which IP's can access a built-in PHP server?

If opened with php -S 127.0.0.1:8082 it will only be visible to localhost. If done with php -S 192.168.0.10:8082 it will be visible to my entire local network. If done by php -S 0.0.0.0:8082 makes it available to whole internet.

Is it possible to limit the webserver availability to a specific set of IPs (just few IPs in my local network) without using apache, but only PHP's built in server?

Possible duplicate of [white list ip address for admin access](https://stackoverflow.com/questions/7465321/white-list-ip-address-for-admin-access) — Xpleria, Oct 27 '17 at 09:12
Not really. I would like the webserver to not respond to non-whitelisted IPs at all. — Paulo Amaral, Oct 28 '17 at 11:09
This is something you would generally achieve using a firewall, either software or hardware, which would depend on the operating system and network configuration. Assuming it's Linux, do you have something like iptables running on the server? — jaseeey, Oct 28 '17 at 11:21
Running cygwin with no admin privileges, that's why I would like to know if there is such feature only relying on php binary. — Paulo Amaral, Oct 30 '17 at 09:00

score 0 · Accepted Answer · answered Nov 28 '17 at 15:28

0

It is just not possible to not give away that there is a PHP server running on a specific port by using PHP code, because before the script starts, a connection with the webserver is established to then process the request.

answered Nov 28 '17 at 15:28

Paulo Amaral

747
1
5
24

Limit IPs that have access to PHP built-in server

1 Answers1