Reputation: 21542
curl triggering open_basedir
I have a php (php-fpm) script script1.php running in /var/www/html/folder1/script1.php, protected with open_basedir "/var/www/html/folder1".
From that script, I call a 2nd script script2.php located in /var/www/html/folder2/script2.php through php-curl.
I call script2 using its public load balancer IP, yet, I get an error from script1, open_basedir in effect. I'm not sure why that's happening since curl is http://, not file://, and shouldn't resolve the file system the way it does. Or should it? I don't intend to change that open_basedir parameter. What's my best course of action?
Upvotes: -1
Views: 141
Answers (1)
Reputation: 21542
Ok I worked it out. Even though php has different child Pids for each script execution, it still considered script2 being called from script1 directly, hence falling within open_basedir jurisdiction. I'm not sure why, since the curl call is emulating an http request and therefore should spawn a brand new process...
Either way, I forced /var/www/html/folder2 into a 2nd php-fpm pool, so not only the children have different PIDs but also the parent process as well. Now curl calls script2, and a separate context is created to handle it. This way, openbase_dir is recalculated correctly and my problem was solved.
Creating a 2nd php-fpm pool is really easy. I use Apache 2.4 but here is an example for nginx that I loosely followed for this exercise: https://www.vultr.com/docs/use-php-fpm-pools-to-secure-multiple-web-sites/
Upvotes: 0
Related Questions
- Apache and PHP Curl Issue
- cURL 7.27.0-1 fails to load via Apache PHP, but works great on php command line
- PHP Curl error HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
- fopen and CURLOPT_FAILONERROR
- fopen & cURL on php ubuntu web server
- Apache server returning empty - curl - php for php
- Why was CURLOPT_FOLLOWLOCATION made incompatible with open_basedir?
- PHP open_basedir
- open_basedir not having any effect
- PHP open_basedir broken in Apache but works in PHP at runtime