Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

Enable PHP fsockopen with CSF

[ Mr. PHP fsockopen CSF ] Recently started some sites with Liquid Web hosting, everything going extremely well all around. There was one hiccup (at least for me) where PHP’s fsockopen was not working. At the time, I was trying to figure out why the Whois Lookup feature used by Blackhole Bad Bots was not working. Initial investigation revealed that fsockopen() external HTTP requests were getting blocked somewhere. Everything else worked, including making the requests via cURL.

Further investigation revealed that outgoing requests were blocked only on certain ports. Some ports worked fine but not the one I needed at the time (port 43). After some digging, turns out that CSF firewall is enabled on the server. And guess what, the CSF configuration specifically whitelists which ports are allowed access for incoming, outgoing, and other requests.

Solution

To enable outgoing/external requests to port 43, open /etc/csf/csf.conf via Terminal/SSH (or whatever you’re using to access the server). Make a backup of the file, and then open the original and edit the “outgoing TCP ports” to include your port number(s). Here are the default CSF ports with “43” added to the list:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"

Save changes and done. fsockopen (and anything else) now allowed to make outgoing requests and therefore function properly.

Long Story

Looking at the code, here is the command that was failing:

$sock = fsockopen($server, 43, $num, $error, 20);

Notice the “43”, that is the port number. Now, if we look at the csf.conf file, we see the default whitelisted ports for outgoing requests:

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

Notice that 43 is not on the list, so not allowed. And THAT my friends is why PHP fsockopen is not working for certain ports.

Step-by-step solution

Now to fix, let’s add our port 43 to the CSF whitelist. Here are detailed steps for those who may need them.

  1. Connect to your server via SSH/Terminal (or whatever you prefer)
  2. Locate the configuration file, csf.conf (e.g., /etc/csf/csf.conf)
  3. Make a quick backup: cp csf.conf csf.conf.bak
  4. Use vi to edit the file (or install/use nano: yum install nano)
  5. In the file, scroll to: TCP_OUT = "20,21,22,25,53,80,110,..."
  6. Add your port(s) to the list, save changes, and exit editor
  7. Now restart CSF so changes take effect: csf -r
  8. Done!

Effective results immediately, fsockopen able to connect on port 43 as required (or whatever port numbers you are working with). And keep in mind that this same process can be used for customizing other aspects of CSF.

Have fun! :)

About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
BBQ Pro: The fastest firewall to protect your WordPress.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.