SELinux/Apache Configuration - Fedora Support Forums and Community
Results 1 to 2 of 2
  1. #1
    Join Date
    Oct 2006

    SELinux/Apache Configuration


    I am using Apache 2.2 on Fedora Core 6 to connect to Tomcat 5.5 instances running on localhost via AJP. I am running SELinux enforced with the default HTTPD policy. All connections are to localhost.

    For the Tomcat instance with AJP port 8009, Apache is able to connect fine.
    For all the other instances with other AJP ports, Apache is unable to connect.

    If I now change the HTTPD SELinux policy for httpd_can_network_connect to true, Apache is now able to connect fine to the other Tomcat instances.

    So, somehow, even in httpd_can_network_connect = false mode, Apache knows that it is allowed to connect to port 8009 on localhost.

    Where is this configured? How can I keep httpd_can_network_connect = false, yet configure a few additional AJP ports?

    I don't want to leave my Apache wide open, but right now I can't see I have a choice if I want multiple Tomcat instances on the box. Ironically, I have noticed that RHEL 4.0 does not exhibit this behaviour by default (I have a server with a dozen Tomcat instances running quite happily behind Apache with no mod to the policy).

    Thanks for the help ,

  2. #2
    Join Date
    Feb 2011

    Re: SELinux/Apache Configuration

    the following command tells us what ports are allowed access to httpd:

    semanage port -l | grep -w http_port_t

    to add a new port - 8019 for instance, use the following:

    semanage port -a -t http_port_t -p tcp 8019

    Note that you need to be root to perform the above.
    Hope this helps.

Similar Threads

  1. Apache configuration
    By chrisk in forum Servers & Networking
    Replies: 55
    Last Post: 26th November 2008, 05:49 PM
  2. SElinux configuration..
    By landolini in forum Security and Privacy
    Replies: 2
    Last Post: 6th May 2008, 05:01 AM
  3. SElinux configuration
    By OralDeckard in forum Security and Privacy
    Replies: 7
    Last Post: 3rd September 2007, 12:32 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts