Apache mod_proxy '[error] (13)Permission denied' error on RHEL

Had an interesting issue today working on a mod_proxy setup of Apache forwarding requests in a reverse proxy setup to a backend Tomcat server. No matter what I did, I kept getting this in Apache's error log:

[error] (13)Permission denied: proxy: AJP: attempt to connect to 10.x.x.x:7009 (virtualhost.virtualdomain.com) failed

I thought for sure it was proxy permissions, but nothing I did fixed the issue. Then it hit me: SELinux! Why I always think of SELinux last when it's responsible for 90% of my problems, I'll never know. By default, the SELinux policy shipped with RHEL/CentOS does not allow httpd processes to initiate outbound connections, which is exactly what mod_proxy attempts to do. If this is your problem, you'll see something like this in /var/log/audit/audit.log:

type=AVC msg=audit(1265039669.305:14): avc:  denied  { name_connect } for  pid=4343 comm="httpd" dest=7009 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

To fix this, first test by setting the boolean at runtime (this change does not survive a reboot):

 /usr/sbin/setsebool httpd_can_network_connect 1

If that works, add -P to write the change to the policy so that the setting persists across reboots:

 /usr/sbin/setsebool -P httpd_can_network_connect 1
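
As an added example (not from the original post), the shell function below scans audit.log-style input for the AVC denial shown above and reports, per destination port, how often httpd was refused an outbound connection. The function names and every sample line except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Summarise SELinux AVC denials where httpd was refused an outbound TCP
# connection (permission name_connect), grouped by destination port.

# Reads audit.log-style lines on stdin.
# Prints one line per port: "<count> <port> <target context>".
httpd_connect_denials() {
    awk '
        /type=AVC/ && /denied/ && /name_connect/ && /comm="httpd"/ {
            port = ""; tctx = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dest=/)     port = substr($i, 6)
                if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            }
            if (port != "") seen[port " " tctx]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k2,2n
}

# Sample input: the first line is the denial quoted in the post; the
# remaining lines are constructed for illustration.
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1265039669.305:14): avc:  denied  { name_connect } for  pid=4343 comm="httpd" dest=7009 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1265039671.112:15): avc:  denied  { name_connect } for  pid=4344 comm="httpd" dest=7009 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1265039680.520:16): avc:  denied  { read } for  pid=4343 comm="httpd" name="example.conf" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
EOF
}

# Demo on the sample lines. Real use (as root):
#   httpd_connect_denials < /var/log/audit/audit.log
sample_audit_lines | httpd_connect_denials
```

A port that shows up here after the boolean has been enabled means the denial comes from somewhere other than httpd_can_network_connect.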

Hope this saves others some time!

Comments

I just had the same problem and this fixed the issue.

When I try to access via browser, it says:

"503 Service Temporarily Unavailable"

thanks!!

Error 13

Dear friends,

I have this issue getting error 13 on my website for a month.

The hosting company blames the software company and vice versa.

Is there any nice soul on here who can please tell me what to do?

Here is the error that I get and thank you in advance,

Jesus

Error: the XML response that was returned from the server is invalid.
Received:
<pre>Error: E_NOTICE
URL: http://www.chatnblog.com/_server/server.php
File: /mnt/target03/358826/441486/www.chatnblog.com/web/content/_include/core/main_start.php
Line: 0
Message: session_start() [<a href='function.session-start'>function.session-start</a>]:

ps_files_cleanup_dir: opendir(/var/lib/php/session) failed: Permission denied (13)</pre>
