Fedora Linux Support Community & Resources Center
Old 25th November 2006, 06:44 PM
Madeye Offline
Registered User
Join Date: Oct 2006
Posts: 10
SELinux/Apache Configuration


I am using Apache 2.2 on Fedora Core 6 to connect to Tomcat 5.5 instances running on localhost via AJP. I am running SELinux enforced with the default HTTPD policy. All connections are to localhost.

For the Tomcat instance with AJP port 8009, Apache is able to connect fine.
For all the other instances with other AJP ports, Apache is unable to connect.

If I now change the HTTPD SELinux policy for httpd_can_network_connect to true, Apache is now able to connect fine to the other Tomcat instances.

So, somehow, even in httpd_can_network_connect = false mode, Apache knows that it is allowed to connect to port 8009 on localhost.

Where is this configured? How can I keep httpd_can_network_connect = false, yet configure a few additional AJP ports?

I don't want to leave my Apache wide open, but right now I can't see I have a choice if I want multiple Tomcat instances on the box. Ironically, I have noticed that RHEL 4.0 does not exhibit this behaviour by default (I have a server with a dozen Tomcat instances running quite happily behind Apache with no mod to the policy).

Thanks for the help ,
Reply With Quote
Old 23rd February 2011, 11:48 PM
krow oak Offline
Registered User
Join Date: Feb 2011
Posts: 1
Re: SELinux/Apache Configuration

the following command tells us what ports are allowed access to httpd:

semanage port -l | grep -w http_port_t

to add a new port - 8019 for instance, use the following:

semanage port -a -t http_port_t -p tcp 8019

Note that you need to be root to perform the above.
Hope this helps.
Reply With Quote

configuration, selinux or apache

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache configuration chrisk Servers & Networking 55 26th November 2008 05:49 PM
SElinux configuration.. landolini Security and Privacy 2 6th May 2008 05:01 AM
SElinux configuration OralDeckard Security and Privacy 7 3rd September 2007 12:32 AM

Current GMT-time: 02:18 (Sunday, 20-08-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat