The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is it possible to disable/prevent user from chaneg CURLOPT_REFERER in curl?

Discussion in 'Security' started by peratik, Jan 17, 2014.

  1. peratik

    peratik Member

    Joined:
    Aug 31, 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello

    For security reason we would like to disable user's php code to use CURLOPT_REFERER on CURL.

    Is it possible to prevent it?

    Regards
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    While you could disable cURL itself through a custom php.ini file if you are using suPHP, I am not sure it's possible to disable CURLOPT_REFERER on a per-account basis. Could you elaborate on the specific security concern you have with it?

    Thank you.
     
  3. peratik

    peratik Member

    Joined:
    Aug 31, 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello

    There is a "Report-Type: login-attack Service: bruteforcelogin" attack from a script on our server to another server:

    I can't find the script because it changes the CURLOPT_REFERER
     
Loading...

Share This Page