How to Allow Apache to connect to a remote database under SELinux

By AminTaheri


SELinux is a great tool that should be used on every publicly accessible web server, and on any corporate server where you have a need to secure the data. SELinux confines services until you tell it that other services and connections are allowed. It's restrictive by nature and needs to be configured to your needs. It is fairly common for companies to use a separate server to house a database, or perhaps shared databases for clients separate from the web hosting machines. If this sounds like you: "I have a problem getting PHP/Apache on the Linux server to work with the external MySQL database. Connection from PHP scripts to the remote database always fails. We made a small PHP script that simply tries to connect to the remote database. When running the PHP script over SSH on the web server it works just fine. But when running it under Apache we get a connection failure no matter what we do." Then this article will show you how to fix it :)

Instructions

Difficulty: Easy

Things You’ll Need:

  • SSH Access to your server
  • Root access

Step 1
First we need to verify that SELinux is enabled.

Code:
[root@www ~]# getenforce

You should see something back that looks like:
Enforcing

Step 2
If you see a different result, try:

Code:
[root@www ~]# setenforce 1

If you get an error, then you do not have SELinux turned on. You will need to edit /etc/selinux/config to enable SELinux.

Once you turn this on (or turn it off, for that matter) you will have to reboot the Linux server for the changes to take effect, because they are applied while the kernel loads.
Step 3
Once SELinux is enabled, set the boolean that allows the HTTP daemon (Apache) to open outbound network connections:

Code:
setsebool -P httpd_can_network_connect=1

Step 4
That's it! You're all done. Some people like to reboot to force a reload, but it's not necessary unless you want to.
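The following POSIX sh script is an added example and not part of the original article: it strings Steps 1 to 3 together as a check-before-change routine, and it keeps the parsing of the tool output (getenforce, getsebool, the SELINUX= line in /etc/selinux/config) in small functions so the decision logic can be exercised offline. The command names are the real SELinux utilities; the sample outputs embedded at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Checks the SELinux mode,
# then turns on httpd_can_network_connect only if it is currently off.

# Parse one line of `getsebool <name>` output ("name --> on" / "name --> off")
# and print "on" or "off". Returns 1 for anything that does not look like it.
sebool_state() {
    case "$1" in
        *' --> on')  echo on ;;
        *' --> off') echo off ;;
        *) return 1 ;;
    esac
}

# Map a getenforce result to a lowercase mode word; returns 1 on unknown input.
selinux_mode() {
    case "$1" in
        Enforcing)  echo enforcing ;;
        Permissive) echo permissive ;;
        Disabled)   echo disabled ;;
        *) return 1 ;;
    esac
}

# Read an /etc/selinux/config style file from stdin and print the SELINUX=
# value (the boot-time setting Step 2 tells you to edit). SELINUXTYPE= is
# deliberately not matched.
config_selinux_setting() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' | head -n 1
}

# Run the real checks when the tools are installed; otherwise report and stop.
# Needs root for the setsebool call, exactly as in Step 3.
apply_httpd_network_bool() {
    command -v getenforce >/dev/null 2>&1 || {
        echo "SELinux tools not installed" >&2
        return 2
    }
    mode=$(selinux_mode "$(getenforce)") || return 2
    echo "SELinux mode: $mode"
    if [ "$mode" = disabled ]; then
        echo "SELinux is disabled; enable it in /etc/selinux/config and reboot first" >&2
        return 2
    fi
    state=$(sebool_state "$(getsebool httpd_can_network_connect)") || return 2
    if [ "$state" = on ]; then
        echo "httpd_can_network_connect is already on"
        return 0
    fi
    # -P makes the change persistent across reboots.
    setsebool -P httpd_can_network_connect=1
}

# Constructed sample data (not real output from any server):
SAMPLE_BOOL_OFF='httpd_can_network_connect --> off'
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted'

# Uncomment to run against the local machine as root:
# apply_httpd_network_bool
```

The script checks the current boolean state before writing it, so running it twice is harmless and the output tells you whether anything actually changed. One caveat the article does not mention: on distributions that ship it, the narrower boolean httpd_can_network_connect_db permits only database ports rather than all outbound connections from Apache, and is the better choice when a remote database is the only thing you need; confirm it exists on your system with getsebool before relying on it.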

Tips & Warnings

  • There are other SELinux restrictions which can affect the server in the future. You can get the full list of booleans with the command 'getsebool -a'.
  • Not all distributions or "flavors" of Linux use the same policy build. Some newer versions do not use this boolean and control this behavior through RBAC rules instead.
