-1

I have a php (php-fpm) script script1.php running in /var/www/html/folder1/script1.php, protected with open_basedir "/var/www/html/folder1".

From that script, I call a 2nd script script2.php located in /var/www/html/folder2/script2.php through php-curl.

I call script2 using its public load balancer IP, yet, I get an error from script1, open_basedir in effect. I'm not sure why that's happening since curl is http://, not file://, and shouldn't resolve the file system the way it does. Or should it? I don't intend to change that open_basedir parameter. What's my best course of action?

asked Mar 15, 2022 at 14:16
3
  • Curl returns the error from script1 because you call script2 from script1, so script1 gets the response of the error. You have your open_basedir setup wrong. Commented Mar 15, 2022 at 15:29
  • script2.php is called through a standard HTTP request. They are not in the same basedir because they are 2 different websites, just hosted on the same localhost. Commented Mar 15, 2022 at 16:11
  • Whoops, my bad, misinterpreted the question. Can you show us the php.ini? Are you sure there are not any other open_basedir active? Commented Mar 15, 2022 at 16:14

1 Answer

0

Ok, I worked it out. Even though PHP has different child PIDs for each script execution, it still considered script2 as being called from script1 directly, hence falling within open_basedir jurisdiction. I'm not sure why, since the curl call is emulating an HTTP request and therefore should spawn a brand new process...

Either way, I forced /var/www/html/folder2 into a 2nd php-fpm pool, so not only the children have different PIDs but also the parent process as well. Now curl calls script2, and a separate context is created to handle it. This way, open_basedir is recalculated correctly and my problem was solved.

Creating a 2nd php-fpm pool is really easy. I use Apache 2.4 but here is an example for nginx that I loosely followed for this exercise: https://www.vultr.com/docs/use-php-fpm-pools-to-secure-multiple-web-sites/

answered Mar 15, 2022 at 17:12
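
A sketch of the two-pool layout the answer describes, added here as an example and not the poster's actual configuration. The pool names, Unix users, socket paths, process-manager numbers and the `www-data` socket owner are assumptions; only the two directory paths come from the question.

```ini
; Constructed example: one php-fpm pool per site, each with its own
; open_basedir. Place each section in its own file under the php-fpm
; pool.d directory (location varies by distribution).

; --- folder1.conf ---
[folder1]
user = site1                      ; assumed dedicated account for site 1
group = site1
listen = /run/php/folder1.sock    ; assumed socket path
listen.owner = www-data           ; assumed web-server user
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; php_admin_value is fixed for the pool and cannot be changed by ini_set()
php_admin_value[open_basedir] = /var/www/html/folder1

; --- folder2.conf ---
[folder2]
user = site2                      ; assumed dedicated account for site 2
group = site2
listen = /run/php/folder2.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
php_admin_value[open_basedir] = /var/www/html/folder2

; Apache 2.4 side (mod_proxy_fcgi), shown as comments because it is
; Apache syntax, not php-fpm syntax. Each vhost points at its own socket:
;
;   <FilesMatch "\.php$">
;       SetHandler "proxy:unix:/run/php/folder2.sock|fcgi://localhost"
;   </FilesMatch>
```

Running each pool under a separate Unix account also means filesystem permissions back up open_basedir, so a bypass of the PHP-level restriction in one site does not by itself grant read access to the other site's files.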