Limiting IP choice from CURLOPT_INTERFACE

john asked:

I have a server with 6 ip addresses added via cPanel. I’m having troubles limiting the IP address my clients can use as an outgoing IP address in their PHP script. Some of them are running proxies and using the CURLOPT_INTERFACE to switch from the server IP address to other clients IP address.

I’m not sure how to limit CURLOPT_INTERFACE to just the server IP address or bind it to the server + the clients dedicated IP address…

My answer:

Try using firewall rules to restrict IP address usage to the user assigned to them.

For instance, let’s say that the user bob is the only person who should use IP address His user ID is 503.

Then we will deny any other user ID to make outgoing connections using that IP address:

iptables -I OUTPUT -m owner ! --uid-owner 503 -s -j REJECT --reject-with icmp-admin-prohibited

Any other users will then get a Permission denied if they try to make outgoing connections with this IP address.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.