Defense in depth means patching both: restrict file uploads/execution AND block unexpected outbound connections.
Rules can detect typical PHP reverse shell patterns: Reverse Shell Php