next »

[esrun]

I just setup a new server and I admit that general server setup is not my strong point. I'm getting the following error when I try to use file_get_contents on a remote file:

Warning: file_get_contents(http://www.yahoo.co.uk) [function.file-get-contents]: failed to open stream: Permission denied in /var/www/html/youlittlespunker/test.php on line 8

It works fine when I try to open a local file. I have enabled fopen thing in php.ini.

ANy ideas? I have been searching for a solution for awhile and I give up now.

Thanks

[dink]

No expert, but I'd check that you have safe mode turned off.

My understanding is that safe mode doesn't allow opening remote files.

[perkiset]

Is this your box or VPS es, or a shared box?

The safe mode switches that would inhibit this activity are not on by default... either they would have to have been turned on in the in or switched in the compile line. Did you compile the PHP instance yourself? In any case, perhaps you could post the compile like (from the top of the phpinfo()) here so we could get a look.

Another outside idea is that there is some for of bot protection on the file... it's expecting something its not getting, so it's returning a deny code, so it looks like it's your local php but its actually the remote box. just thinking.

[SEOidiot]

his box is a dedi

or so my surveillance cameras would lead me to believe 

[esrun]

Yeah its just another dedi. Safe mode is not on and I have enabled all the php.ini settings which are relevant to this. I have been advised by someone with a little more knowledge on the subject to just grab the latest version of php and recompile so I'll give this a go in the morning. Cheers guys.

[esrun]

Finally got it, it was /etc/sysconfig/selinux 

[thedarkness]

Spleen->vent()

Seriously, selinux shits me, it has been responsible for so much wasted time it's incredible. I know people argue for it but FFS there must be a better way to do it that doesn't have such a hidden cost in terms of wasted/lost time.

My personal belief is that if an attacker makes it onto your box the battles already lost. Only sure security is not to let them on in the first place.

Cheers,
td

[perkiset]

Agree - personal strategy is to put IPCop in front of everything, port translate to NAT translated box behind it. Shutdown all unnecessary services on destination box. Then use IPCop's VPN facility to get past it to talk to FTP, SSH etc. The only public service is on 80 and optionally 443.

The SELinux and hardened Solaris products just looked like too much of a PIA to me.


/p

[perkiset]

Note to TD: I split this thread because where you were going needs it's own thread.

And now back to our regularly scheduled topic...

/p