Mailing List Archive

[Bug 66546] New: Hint to httpd_can_network_connect
https://bz.apache.org/bugzilla/show_bug.cgi?id=66546

Bug ID: 66546
Summary: Hint to httpd_can_network_connect
Product: Apache httpd-2
Version: 2.4.56
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: jochen.wiedmann@gmail.com
Target Milestone: ---

According to a Google search for
site:httpd.apache.org httpd_can_network_connect
the following fact isn't mentioned anywhere in the Httpd documentation. I
think this should be changed.

A properly configured proxy request can fail on Red Hat Enterprise, Fedora,
CentOS, and other SELinux-based systems if the SE boolean
httpd_can_network_connect prevents network access to the proxy server.

If that is the case, the error_log will contain a message like

AH01114: HTTP: failed to make connection to backend: 127.0.0.1

Accordingly, the end user will see something like HTTP status 503:

Service unavailable
The server is temporarily unable to service your request due to maintenance
downtime or capacity problems. Please try again later.

Mitigation:

1.) Check the status of the httpd_can_network_connect boolean:
$ sudo getsebool httpd_can_network_connect
httpd_can_network_connect --> off

2.) If the value is "on", then nothing needs to be changed. Otherwise,
change the value with
$ sudo setsebool httpd_can_network_connect 1
$ sudo setsebool -P httpd_can_network_connect 1
(The first line will change the current runtime only. The -P flag makes
the change permanent.)

Reference:
http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/

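Added example, not part of the bug report or the httpd documentation: AH01114 is logged for any failed backend connection, so this sketch correlates it with the boolean state from step 1 before anything is changed. The function names are hypothetical, the log lines are constructed, and it assumes the error_log also carries the errno-prefixed connect failure line ("(13)Permission denied") that mod_proxy writes next to AH01114.

```shell
#!/bin/sh
# Added example, not from the bug report. All sample input is constructed.

# Distinct backends named in AH01114 lines of the error_log given as $1.
ah01114_backends() {
    sed -n 's/.*AH01114: HTTP: failed to make connection to backend: \([^ ,]*\).*/\1/p' "$1" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Turn one line of getsebool output ("name --> on|off") into on, off or unknown.
sebool_state() {
    case "$1" in
        'httpd_can_network_connect --> on')  echo on ;;
        'httpd_can_network_connect --> off') echo off ;;
        *) echo unknown ;;
    esac
}

# $1 = error_log path, $2 = getsebool output line. Prints "<verdict> <backends>".
diagnose() {
    backends=$(ah01114_backends "$1")
    [ -n "$backends" ] || { echo "no-AH01114"; return 0; }
    case "$(sebool_state "$2")" in
        off)
            # (13)Permission denied on connect() suggests policy, not a dead backend.
            if grep -q '(13)Permission denied' "$1"; then
                echo "selinux-denied $backends"
            else
                echo "boolean-off-no-eacces $backends"
            fi ;;
        on) echo "boolean-on-check-backend $backends" ;;
        *)  echo "boolean-unknown $backends" ;;
    esac
}

# Constructed sample log, written to a temp file so the script runs offline.
sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[Mon Apr 24 10:00:01.000001 2023] [proxy:error] [pid 4242] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Mon Apr 24 10:00:01.000002 2023] [proxy_http:error] [pid 4242] [client 192.0.2.10:51234] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
EOF
    echo "$f"
}

log=$(sample_log)
diagnose "$log" 'httpd_can_network_connect --> off'
rm -f "$log"
```

On a real host, call diagnose with the error_log path and "$(getsebool httpd_can_network_connect)". The boolean is coarse: once on, the policy lets httpd initiate connections to any TCP port, so confirm the diagnosis before changing it.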