Apache mod_proxy '[error] (13)Permission denied' error on RHEL
Had an interesting issue today working on a mod_proxy setup of Apache forwarding requests in a reverse proxy setup to a backend Tomcat server. No matter what I did, I kept getting this in Apache's error log:
[error] (13)Permission denied: proxy: AJP: attempt to connect to 10.x.x.x:7009 (virtualhost.virtualdomain.com) failed
I thought for sure it was proxy permissions, but nothing I did fixed the issue. Then it hit me: SELinux! Why I always think of SELinux last when it's responsible for 90% of my problems, I'll never know. SELinux on RHEL/CentOS by default ships so that httpd processes cannot initiate outbound connections, which is just what mod_proxy attempts to do. If this is your problem, you'll see something like this in /var/log/audit/audit.log:
type=AVC msg=audit(1265039669.305:14): avc: denied { name_connect } for pid=4343 comm="httpd" dest=7009
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
To fix this, first test by setting the boolean dynamically (not permanent yet):
/usr/sbin/setsebool httpd_can_network_connect 1
If that works, you can set it so that the default policy is changed and this setting will persist across reboots:
/usr/sbin/setsebool -P httpd_can_network_connect 1
Hope this saves others some time!
Comments
I just had same problem and
I just had same problem and this fix the issue.
Whe i try to access via browser, it says:
"503 Service Temporarily Unavailable"
thanks!!
Error 13
Dear friends,
I have this issue getting error 13 on my website for a month.
The hosting company blames the software company and viceversa.
Is there any nice soul on here who can please tell me what to do?
Here is the error that I get and thank you in advance,
Jesus
Error: the XML response that was returned from the server is invalid.
Received:
<pre>Error: E_NOTICE
URL: http://www.chatnblog.com/_server/server.php
File: /mnt/target03/358826/441486/www.chatnblog.com/web/content/_include/core/main_start.php
Line: 0
Message: session_start() [<a href='function.session-start'>function.session-start</a>]:
ps_files_cleanup_dir: opendir(/var/lib/php/session) failed: Permission denied (13)</pre>
It helped me a lot
Thanks for this advice, i was in the same context, and i spent a few hours searching for the solution.
Changing the default policy resolved it, and now the ajp connector works well!
Many thanks !
Huge thanks. I just wasted
Huge thanks. I just wasted about an hour rewriting my apache conf trying to understand what I was doing wrong after moving from an ubuntu development machine to a fedora one.
Add new comment