When writing socket-based server programs in PHP, socket_accept() is the key function for accepting client connections. The function is practical, but it provides no access control of its own. If you want your service to accept connections only from specific IP addresses, you need to implement the IP whitelist filtering yourself.
This article explains in detail how to add IP whitelisting to a service that uses socket_accept(), to improve the security of the service and your control over it.
First, let's look at the typical basic structure of a socket service that uses socket_accept():

    <?php
    $host = '0.0.0.0';
    $port = 12345;

    $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    socket_bind($socket, $host, $port);
    socket_listen($socket);
    echo "Server started, listening on port $port...\n";

    while (true) {
        $clientSocket = socket_accept($socket);
        // The IP whitelist filtering logic will be added here
    }

By default, the code above accepts connection requests from every client without restriction. To add IP whitelist control, we call socket_getpeername() after socket_accept() to obtain the client IP, and then check whether that IP is in the whitelist.
The following is the modified code, with a simple whitelisting mechanism added:

    <?php
    $host = '0.0.0.0';
    $port = 12345;

    // IP whitelist
    $whitelist = [
        '192.168.1.100',
        '203.0.113.45',
        '198.51.100.23',
    ];

    $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    socket_bind($socket, $host, $port);
    socket_listen($socket);
    echo "Server started, listening on port $port...\n";

    while (true) {
        $clientSocket = socket_accept($socket);
        if ($clientSocket === false) {
            continue;
        }

        // Fail closed: drop the connection if the peer address cannot be read
        if (!socket_getpeername($clientSocket, $clientIp)) {
            socket_close($clientSocket);
            continue;
        }

        // Strict comparison so that only exact string matches pass
        if (!in_array($clientIp, $whitelist, true)) {
            echo "Rejected connection from $clientIp.\n";
            socket_close($clientSocket);
            continue;
        }

        echo "Accepted connection from $clientIp.\n";

        // Client request logic is processed here
        $welcomeMsg = "Welcome to the m66.net service.\n";
        socket_write($clientSocket, $welcomeMsg, strlen($welcomeMsg));
        socket_close($clientSocket);
    }

socket_getpeername(): This function obtains the IP address of the connected client.
Whitelist array: Put the IP addresses that are allowed to connect into the $whitelist array.
Connection control: For IPs that are not on the whitelist, we call socket_close() directly to disconnect. The TCP connection has already been established by the time socket_accept() returns, so the check closes unwanted connections rather than preventing them.
Hard-coding the whitelist in code is not recommended; in an actual deployment it can be loaded dynamically from a database or configuration file.
Consider adding logging to track rejected connection attempts.
By adding IP whitelist verification after socket_accept(), you can effectively restrict unauthorized access and improve the security of PHP socket services. The example above shows the most basic implementation, which developers can extend according to their needs, for example by adding CIDR ranges or supporting IPv6 addresses.
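The CIDR and IPv6 extension mentioned above, as an added example that is not code from the original article: the helper names ip_matches_entry() and ip_is_allowed() and the sample allowlist entries are assumptions made for illustration.

```php
<?php
// Added example; ip_matches_entry() and ip_is_allowed() are hypothetical helpers.

function ip_matches_entry(string $ip, string $entry): bool
{
    // Split "address/prefix"; a bare address means an exact match.
    $parts = explode('/', $entry, 2);
    $addr = @inet_pton($ip);
    $net  = @inet_pton($parts[0]);
    // Reject unparsable input and mixed families (4 vs 16 bytes).
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    if (!isset($parts[1])) {
        $bits = $maxBits;
    } elseif (ctype_digit($parts[1]) && (int)$parts[1] <= $maxBits) {
        $bits = (int)$parts[1];
    } else {
        return false; // malformed prefix: fail closed
    }
    // Compare the whole bytes first, then the remaining high bits.
    $bytes = intdiv($bits, 8);
    if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask);
}

function ip_is_allowed(string $ip, array $allowlist): bool
{
    foreach ($allowlist as $entry) {
        if (ip_matches_entry($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed sample entries (documentation address ranges).
$allowlist = ['192.168.1.100', '203.0.113.0/24', '2001:db8::/32'];
foreach (['203.0.113.45', '198.51.100.23', '2001:db8::1', '::1'] as $ip) {
    echo $ip, ' => ', ip_is_allowed($ip, $allowlist) ? 'allow' : 'reject', "\n";
}
```

In the accept loop, a call to ip_is_allowed($clientIp, $whitelist) would take the place of the in_array() check. Matching IPv6 peers also requires creating the listening socket with AF_INET6.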
When building a PHP socket program that provides services to the outside world, be sure to keep this "first line of defense" in place so that untrusted clients cannot easily reach your system. I hope this article is helpful to you!