SELinux Is Preventing Apache/PHP From Loading Modules

Jul 28, 2008

I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.

I'm running CentOS 5, and the error I'm getting in /var/log/messages is:

Jul 23 10:15:30 host kernel: audit(1216833330.905:1249): avc: denied { execheap } for pid=22055 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process

I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?

View 11 Replies


ADVERTISEMENT

LXADMIN :: SummarySELinux Is Preventing From Loading ..requires Text Relocation.

Jun 20, 2008

I am currently installing lxadmin in my webserver, but during the intallation i received a alert message from my "settroubleshootebrowser" saying:

SummarySELinux is preventing /usr/local/lxlabs/ext/php/php from loading /usr/local/lxlabs/ext/php/lib/mysql.so which requires text relocation.

Allowing AccessIf you trust:

/usr/local/lxlabs/ext/php/lib/mysql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so

This message was for thwe SQL and Zend optimizer.

My Question is, where do i find the "chcon -t textrel_shlib_t" file allow access?

View 3 Replies View Related

Making SELinux And Apache Play Nicely

Feb 15, 2007

Is it possible to make these two work together? I can't seem to find any way to let Apache read /home/<username>/public_html without disabling selinux entirely.

I know you can do "chcon -t httpd_sys_content_t -R $HOME/public_html", but it seems like it would be a pain when adding users, especially if someone decides to delete their public_html and make a new directory.

Is it possible to create an exception to let httpd do whatever it wants?

View 0 Replies View Related

Apache Modules

Oct 10, 2007

On a Linux box, is there a way to list all of the modules that are running in Apache but NOT compiled into Apache?

I now that "httpd -l" = lists all of the Apache compiled modules.

View 5 Replies View Related

Removing Apache Modules

Apr 17, 2009

I have a RHEL 5 server, that host one site with a common PHP 5.x -MySQL 5.x app, it also uses .htaccess to rewrite rules. I'm trying to optimize apache to the max, and though about removing some unneccesary modules. The actual modules loaded are:

Code:
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
LoadModule security_module /usr/lib/httpd/modules/mod_security.so
Besides of mod_evasive, mod_security that are security modules, what modules can I disable without causing any problems to a common PHP-MySQL website?

This is a plain RH box, virtual host is configured at httpd.conf in this way:

Code:
<VirtualHost SERVERIP>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/sites/mysite.com
<Directory "/var/www/sites/mysite.com">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>

View 4 Replies View Related

Apache :: Several Modules Missing Or Different Name

Jun 2, 2014

I'm trying to install the Win32 dist from apachelounge 2.4.9 and I'm having difficulties getting the modules loaded. Several modules have different names or aren't there at all. mod_imap.so

View 1 Replies View Related

How To Add Apache Load Modules

Feb 11, 2013

I have complied Apache from the source with so enabled and compiled PHP with Apache apxs. What if I do, if I want to add/Load another modules as a dynamic modules without recompiling apache. Suppose if I want to enable rewrite or any other module.I am pasting the command which I used to compile apahce.

Apache
==
./configure --prefix=/usr/local/apache --enable-module=so
make
make install

PHP
==
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs
make
make install

Both are running fine on my server,how to enable mod rewrite module as shared module fro example ?? 

View 1 Replies View Related

Performance » Deciding On Apache Modules To Use

Jul 30, 2008

what modules I should use in my httpd.conf file. Here's the modules that I currently have enabled / disabled. The site is running specifically off PHP. There is no need for CGI, ASP, or any other languages (to my knowledge). The negotiation module is enabled,. It does not need to be to my knowledge.

However, when I disabled it Apache would not restart. Could someone give some details as to which directives need to be disabled for negotiation to be disabled. Also, does anyone know if negotiation is essential. It is not to my knowledge. Suggestions and comments are much appreciated. Thank you in advance for your hard work and experience being as it's not costing me anything. I will do my best to return the favor.

LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
# LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
# LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
# LoadModule cgi_module modules/mod_cgi.so
LoadModule logio_module /usr/lib/httpd/modules/mod_logio.so

View 0 Replies View Related

Apache :: Identity Modules Compiled For RHEL

Apr 26, 2014

I have 2.4.x version installed on RHEL and I need to install same version on Solaris 10. How can I find out what packages/modules were compiled for RHEL so that I can download same for Solaris and compile them.

View 2 Replies View Related

Apache :: Reverse Proxy Modules - Error Reading Status Line From Remote Server

Oct 17, 2013

We have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy:

[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443
[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync

So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2.

View 2 Replies View Related

Loading Localhost With Apache

Dec 9, 2007

I've had a localhost server setup for awhile now, and all of a sudden when I access [url]it wants to download my "index.php" file. However, when I access it via [url]is loads fine.

View 7 Replies View Related

Apache/MySQL/PHP Issue - PHP Not Loading

Jun 28, 2008

I've got a server that was running Apache 2.0/PHP 5.2.5 & MysQL 5.0 just fine, however I needed to upgrade to a newer version of MySQL.

So I uninstalled MySQL 5.0 and installed MySQL 5.1, copied the MySQLlibs over, and recompiled Apache/PHP with easyupdate. Apache & MysQL both start/run fine without errors, however PHP files don't load. Just get black pages (HTML works fine obviously).

I went ahead and updated to Apache 2.2 & PHP 5.2.6 while I was at it, but that doesn't change things. I'm not sure why uninstalling MysQL & reinstalling would break any dependencies, but looks like thats the case. Perhaps I need to reinstall some libraries?

Or would it be easier just to reinstall Apache/PHP entirely? I have no data.

View 4 Replies View Related

Apache :: 2.4.10 Stop Loading Resources

Mar 3, 2015

I encounter a strange issue with Apache. My apache proxy is configured to work as a reverse proxy with virtuals hosts using SSL.

When I try to load a web site page with several ressources, internet navigator begin to load ressources but often stop without ending. It continue to load (cursor) but don't do anything.

On both side (client and server), requests terminate with status 200 so all seem good but... (debug navigateur and acces.log OK)

After several F5 (refresh), all ressources are finally loaded and the html page display correctly.

Here is my configuration :

Server OS : Ubuntu server 14.04.2 (64 bits)
Apache version : 2.4.10
SSL version : 1.0.1f (ubuntu version)

An example of host :
...
<VirtualHost 192.168.254.16:443>
ServerName ged.irsa.fr

SSLEngine on
SSLCertificateFile /etc/certificates/ged.irsa.fr.2.crt
SSLCertificateKeyFile /etc/certificates/ged.irsa.fr.2.key
SSLCertificateChainFile /etc/certificates/gandi/Gandi_bundle_CA.pem
[Code] ....

Modified configuration in apache2.conf file :
...
AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off
...

Modified configuration in mods_enabled/ssl.conf :

...
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:

[Code] ....

Here is an extract off /var/log/apache/error.log with trace mode, just before the stop loading :

[Tue Mar 03 11:52:00.115567 2015] [proxy:debug] [pid 5339:tid 140124566247168] proxy_util.c(2146): AH00943: AJP: has released connection for (*)
[Tue Mar 03 11:52:00.115671 2015] [ssl:trace4] [pid 5339:tid 140124566247168] ssl_engine_io.c(2054): [client 90.83.195.161:16378] OpenSSL: I/O error, 5 bytes expected to read on BIO#7f7163bfdff0 [mem: 7f71180798d3]

[Code] ....

I have test many things but nothing worked for the moment.

View 3 Replies View Related

Apache :: Webpage Loading Very Slowly

Jul 6, 2015

In short, the main page for my Mediawiki install loads very slowly. I know I have a lot going on with the main page and can do some other things to speed it up but my main issue is a 10.5 second pause that I can discern no reason for. I ran the site through GT Metrix and saw this:

[URL]

What is that long pause for and how can I stop it?

View 1 Replies View Related

Find Out Which .conf Files Apache 2.2 Is Loading

Apr 23, 2009

Is there a way to get Apache to tell me which .conf file it is loading at start-up?

There's a box that's misbehaving and Apache is running on port 80 and 8080 on the box... but we can't locate *why* it's running on port 8080. I can't find any Listen 8080 statement in the typical config files. If I knew which config files it was loading, I could go through all of the files in more detail.

View 4 Replies View Related

Apache :: Localhost Is Randomly Loading Forever?

Mar 12, 2015

my local host is just taking incredibly long to load. At work I've set it up no differently and it works like a charm, but at home, it works.. But at times it doesnt load instantly until I restart my browser. I have to press refresh or enter to login a million times for it to load after the first few seconds I use it.

View 1 Replies View Related

Apache :: Loading Assets With Assetic Is So Slow

Dec 18, 2013

I am working with wamp on development phase. We have a Symfony 2 project and I am using Assetic to manage the assets. (no filter used for my test, so no compression or whatever).

I know I am in the development mode and that assetic is meant to work differently on prod environment but the loading of js, css and images is so slow (could be 30s for a dozen css, a dozen js -most of them are already minified- and 4 images, I am using firebug to check) that I wonder if there is a problem with Apache.

View 10 Replies View Related

Apache :: HTML5 Media Loading Sometimes Suspends Or Aborts

Aug 29, 2014

Recently, some code on a web application that has been working fine for months started to run unexpectedly. That code is just a media files loading JavaScript function, that uses jQuery. It's pretty long, but in essence it is like this:

Code:
var $audio=$('<audio>');
$audio.on('canplaythrough',function(e){
$audio[0].play();
});
$audio.attr('src','song.ogg');

Basically, the file only loads sometimes, and sometimes stops loading with a suspend or even an abort event.

I have uploaded a little testing HTML to [URL] .... , where you can see what's happening. You can download the test files from[URL] .... for local testing.

I have just checked that opening the test index.html file directly into Firefox, and not through my localhost Apache server, makes the audio files perfectly playable. So, I assume, my hosting and I have the Apache server misconfigured for serving media files.

My software versions are: Linux Mint 13, Apache 2.2.22-1ubuntu1.7 , Mozilla Firefox 31.0 , Chromium 36.0.1985.125 and jQuery 1.11.0.

My Apache server configuration is very basic. I have just installed the package, alongside the php mod, and modified very little on the conf file. I think the problem is not related to my specific configuration, and many other people would be able to reproduce it on they own.

I have checked the Apache error.log after a suspended loading, but nothing was added to it.

View 4 Replies View Related

Apache :: Images Not Loading In Reverse Proxy In Ubuntu

Apr 12, 2013

I've set up a reverse proxy using the Ubuntu Apache2 package (2.2.2, with evidently an old version of mod_proxy_html), and it's about 50% functional, but certain images aren't loading.

I've tried with and without ProxyHTMLExtended on, but even with it on I'm not convinced that any non-inline scripts or CSS files are being properly handled, as they are being directed to my local root directory instead of /app1/, and when it is on, I can no longer log in to the internal webapp.

In the log, the only errors that stand out to me are those referencing things from relative root directories, like /images/* and /ajax/*. The image files are coming from separate CSS files, and it doesn't tell me where exactly the ajax references are originating.

Here is the relevant part of my VH config:

ProxyRequests Off
ProxyPass /app1/ http://example.com/
ProxyHTMLURLMap http://example.com /app1

ProxyHTMLLogVerbose On
LogLevel debug

<Location /app1/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /app1/
ProxyHTMLURLMap /images([^)]*) url(/app1/images$1) Rih
ProxyHTMLURLMap url(http://example.com([^)]*)) url(http://localhost/app1/) Rih
RequestHeader unset Accept-Encoding
</Location>

And here's an example of the errors:

[Thu Apr 11 23:22:50 2013] [error] [client 127.0.0.1] File does not exist: /var/www/images, referer: http://localhost/app1/css/examplefile.css
[Thu Apr 11 23:31:00 2013] [error] [client 127.0.0.1] File does not exist: /var/www/ajax, referer: http://localhost/app1/admin/

Comparing the source to the proxied version, I see that the images are going from "/images/*" to "/var/www/images/*".

View 1 Replies View Related

Videos Not Loading/ Loading Very Slow

Dec 5, 2008

I have been having soooo many issues with this new server

It is nothing against my host; but now the videos aren't loading or loading so slow

What could be the issue? It would have to be a server issue, correct?

The site is nsfw but it is ftw (hint hint) , it is an adult site and I don't know if

View 11 Replies View Related

Is Anyone Here Using SElinux On A Web Server

Nov 6, 2009

Is anyone here using SElinux on a web server?

If so, how hard was that to setup?

View 1 Replies View Related

Selinux (ping)

Jul 26, 2008

My server ping keeps disconnecting

However my ssh & website is smooth running!

When i type "service iptables stop", the ping runs just smoothly.

I have CSF installed in the server, like any other server using default configurations. I believe it has something to do with selinux? (or not?)

View 2 Replies View Related

Disabling SeLinux Enforcing

Apr 7, 2007

I am not expert in linux box.... Actually I have found a problem in my machine, our clients are not able to access their sites from server, when I checked the system log it was related to Permission Denied. Someone told me to disable SELinux enforcing, Now after that my problem resolved.

But I am curious that what exactly Selinux is and what kind of issue it may create for my box if I disable it?

View 4 Replies View Related

Selinux/Adaptec Driver

Oct 21, 2007

I am having quite a challenge getting openvz to work on centos 5 with a adaptec RAID card.

The driver likes the plain jane kernel..but then...

Configuration [OpenVZ (2.6.18-8.1.14.el5.028stab045.1)]

***NOTICE: /boot/vmlinuz-2.6.18-8.1.14.el5.028stab045.1 is not a kernel. Skipping.

There is also another issue not being able to disable Selinux.
I have tried the normal routes and even attempted disabling it in rc.sysinit..still...this "security framework" is able to load it..and cause problems.

Openvz and SeLinux don't get along..even a little bit.

So..those are the two probably seperate issues...that prevent the poor server from booting.

View 1 Replies View Related

Preventing DDoS

Apr 4, 2007

I'm just wondering what a few good techniques to prevent DDoS would be. What causes them? How can I protect my server against them? I noticed that Apache has something called mod_evasive which helps against them. Does lighttpd have something like this?

View 9 Replies View Related

Custom SELinux Policies For Their Cpanel Server

Apr 11, 2008

Has anyone wrote custom SELinux policies for their cpanel server?

View 1 Replies View Related

Preventing Certain Processes From Using A Certain Load..

Jul 22, 2008

Is there a way to prevent a certain service from taking up a certain amount of load on the server?

Like, shouldn't there be a way I can tell gzip or exim how much server load they are allowed to take up on my server?

I know it may run them slower, but it will be for the better if I could set each one to only be able to have a max load peak or something.

View 7 Replies View Related

Preventing Hotlinking Of Images

Sep 15, 2007

The images I am trying to block are on page generated by a simple PHP script on my server. The offender has replicated what I am doing with ASP on their server. They are hotlinking to my images for the resulting page. They left my website's name on them, so they must think that giving credit is enough.

I'm going to be contacting them to stop but I also want to see if there is a way for me to prevent it from happening in the first place.

I tried mod_rewrite...

Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^[url].*$ [NC]
RewriteRule .(gif|jpg)$ - [F]

I know mod_rewrite works on my server because I've been using it for some other things.

However, whenever I enable the above code (add it to the directives and restart apache - have also tried just putting it in a .htaccess file in the appropriate directory), I end up with images still being allowed on my domain and the other domain I'm trying to stop from using my images. Do you think it could have to do with an absent referrer? I read that the code doesn't work if the referrer is blank. What else would cause this not to work? Obviously the domain would have to be correct, but it doesn't block from my domain OR the offending domain.

I tried another method:

Code:
<FilesMatch ".(gif¦jpg¦png)$">
SetEnvIfNoCase Referer ^$ allow_image
SetEnvIfNoCase Referer ^[url] allow_image
Order Deny,Allow
Deny from all
Allow from env=allow_image
</FilesMatch>

This one blocked images to the offending domain, but it also blocked mine!

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved