
How to Allow Apache to connect to a remote database under SELinux

By AminTaheri

SELinux is a great tool that should be used on every publicly accessible web server, and on any corporate server where you have a need to secure the data.

SELinux blocks services from making connections until you tell it which services and connections are allowed. It's restrictive by nature and needs to be configured to your needs.

It is fairly common for companies to use a separate server to house a database, or perhaps shared databases for clients that are separate from the web hosting machines.

If this sounds like you:
"I have a problem getting the PHP/Apache on the Linux server to work with the external MySQL database. Connection from PHP scripts to the remote database always fails. We made a small PHP script that simply tries to connect to the remote database. When running the PHP script in SSH on the web server it works just fine. But when running it under Apache we get a connection failure no matter what we do."

Then we will address how to fix this :)

Difficulty: Easy
Instructions

Things You'll Need:

  • SSH Access to your server
  • Root access
  1. Step 1

    First we need to verify that SELinux is enabled.

    Code:
    [root@www ~]# getenforce

    You should see output like this:
    Enforcing

  2. Step 2

    If you see a different result, try:
    Code:
    [root@www ~]# setenforce 1

    If you get an error, then you do not have SELinux turned on. You will need to go to /etc/selinux/config and edit the file to enable SELinux.

    Once you turn this on (or turn it off, for that matter), you will have to reboot the Linux server for the changes to take effect, because they are applied while the kernel loads.

  3. Step 3

    Once SELinux is enabled, do the following:

    Set the SELinux boolean that allows Apache (httpd) to make outbound network connections:

    Code:
    setsebool -P httpd_can_network_connect=1

  4. Step 4

    That's it! You're all done. Some people like to reboot to force a reload, but it's not necessary unless you want to.

Tips & Warnings
  • There are other SELinux restrictions which can affect the server in the future. You can get the full list of booleans with the command 'getsebool -a'.
  • Not all distributions or "flavors" of Linux use the same build. Some newer versions do not use this boolean and have this behavior set in RBACs instead.
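
The failure described above (the script works from an SSH shell but not under Apache) appears in the audit log as a name_connect denial for the httpd_t domain. The following added example, which is not part of the original article, reads such denials and names the narrowest boolean that covers each one. It assumes your policy provides httpd_can_network_connect_db (database ports only) alongside the broader httpd_can_network_connect, and the audit records in it are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original article): read SELinux AVC records and,
# for every outbound connection denied to Apache (httpd_t), print the
# destination port, its SELinux port type and the narrowest boolean to enable.
# Assumption: the policy ships httpd_can_network_connect_db, which permits
# connections to database port types only.

# Constructed sample audit records (not captured from a real server).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1223990000.101:410): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1223990007.552:411): avc:  denied  { name_connect } for  pid=2346 comm="httpd" dest=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1223990009.010:412): avc:  denied  { read } for  pid=2400 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Reads AVC records on stdin; prints "<port> <port_type> <boolean>" per denial.
suggest_boolean() {
    awk '
    # Only outbound TCP connects denied to the Apache domain are of interest.
    /avc: +denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
        port = ""; ptype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/) port = substr($i, 6)
            # tcontext is user:role:type:level, so the type is field 3.
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ptype = c[3] }
        }
        # Database port types are covered by the narrower boolean;
        # anything else needs the broad one used in Step 3.
        if (ptype ~ /^(mysqld|postgresql)_port_t$/)
            bool = "httpd_can_network_connect_db"
        else
            bool = "httpd_can_network_connect"
        print port, ptype, bool
    }'
}

# Stand-alone run on the constructed sample.
sample_avc | suggest_boolean
```

On a live server, pipe /var/log/audit/audit.log into suggest_boolean instead of the sample. If every line names httpd_can_network_connect_db, that boolean can be set with setsebool -P in place of the broader one.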

Comments  

AminTaheri said


on 10/14/2008 Glad I could help.

chrisman said


on 10/14/2008 Thank you so much! This solved my problem instantly!


Copyright © 1999-2009 eHow, Inc. Use of this web site constitutes acceptance of the eHow Terms of Use and Privacy Policy.