'[Bug 66546] New: Hint to httpd_can_network_connect'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-docs
Subject:    [Bug 66546] New: Hint to httpd_can_network_connect
From:       bugzilla () apache ! org
Date:       2023-03-30 10:08:33
Message-ID: bug-66546-56585 () https ! bz ! apache ! org/bugzilla/
[Download RAW message or body]

https://bz.apache.org/bugzilla/show_bug.cgi?id=66546

            Bug ID: 66546
           Summary: Hint to httpd_can_network_connect
           Product: Apache httpd-2
           Version: 2.4.56
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: jochen.wiedmann@gmail.com
  Target Milestone: ---

According to a Google search for
  site:httpd.apache.org httpd_can_network_connect
the following fact isn't mentioned anywhere in the Httpd documentation. I
think, this should be changed.

A properly configured proxy request can fail on Red Hat Enterprise, Fedora,
CentOS, and other SE-Linux based systems can fail, if the SE boolean
httpd_can_network_connect prevents network access to the proxy server.

If that is the case, the error_log will contain a message like

  AH01114: HTTP: failed to make connection to backend: 127.0.0.1

Accordingly, the end user will see something like http status 503:

  Service unavailable
  The server is temporarily unable to service your request due to maintenance
downtime or capacity problems. Please try again later.

Mitigation:

  1.) Check the status of the httpd_can_network_connect boolean:
      $ sudo getsebool httpd_can_network_connect
      httpd_can_network_connect --> off

  2.) If the value is "on", then nothing must be changed. Otherwise,
      change the value with
      $ sudo setsebool httpd_can_network_connect 1
      $ sudo setsebool -P httpd_can_network_connect 1
      (The first line will change the current runtime only. The -P flag makes
      the change permanent.)

Reference:
http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic