Log file for outgoing PHP requests (like access.log)
Is there a way to log all outgoing requests of PHP to a log file?
I'm not looking for a way to debug a single script with tcpdump
but to continuously log all PHP requests, so I can review them later - i.e., very similar to the web servers access.log
but for all outgoing requests that are made from any PHP script on the server.
I want to do two things with this:
- Confirm if my website is secure/GDPR-compliant and no scripts try to "phone home".
- Our server is supposed to make one external request per day. I want to validate that those requests happen, and ideally also see the response code that was returned by the remote site.
Solution 1:
If you don't want to use tcpdump, providing you are running GNU/Linux on your server, you can use iptables owner match target.
First you need to check under which user your scripts are executed. If you are running Apache/mod_php this will be the same as apache user (usually apache
or httpd
). If you are running nginx/fastcgi/etc these might have other process owner (suid). Anyways mostly always this will be separate user id (uid), or at least you can change your configuration that way. Once you know your php uid, you can do an iptable owner match
with LOG target
. Something like this:
iptables -I OUTPUT -o eth0 -m owner --uid-owner apache -j LOG --log-prefix "PHP-CONN: "
Make sure to change interface you the one looking on the Internet side (to avoid logging localhost dummy requests). By default the example above will log every packet, including TCP handshakes, etc. You can add additional iptables options for more filtering. For example adding state match
to filter only NEW
connections (with netfilter conntrack):
iptables -I OUTPUT -o eth0 -m owner --uid-owner apache -m state --state NEW -j LOG --log-prefix "PHP-CONN: "
Then all those requests from your process will be logged to a syslog facility (depending on your distro setup, those are usually logged to dmesg
+ /var/log/messages
or /var/log/syslog
). Those will look similar to this:
PHP-CONN: IN= OUT=eth0 SRC=192.168.9.235 DST=195.201.201.32 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=37120 DF PROTO=TCP SPT=56812 DPT=80 WINDOW=501 RES=0x00 ACK FIN URGP=0