Re: CGI script connecting via terminal but not via browser

Maybe there's a security system like selinux or AppArmor active that assigns the web server process a different security context than merely sudo'ing into the apache user?

Such a security context could very well prevent it from opening a network connection to another host.

So please consult your system administrator, or if you are your own administrator, read up on security systems.

Perl 6 - the future is here, just unevenly distributed

Comment on Re: CGI script connecting via terminal but not via browser

Replies are listed 'Best First'.
Re^2: CGI script connecting via terminal but not via browser by nkrgupta (Novice) on Sep 18, 2012 at 10:44 UTC
Thanks moritz. I am reading up on selinux now which seems to be enabled on my system, and might be a possible cause. The log file at /var/log/audit/audit.log shows the following entry among other `type=AVC msg=audit(1347964714.394:62458): avc: denied { name_connect } for pid=14917 comm="my_script.cgi" dest=3306 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket`	[reply] [d/l]
Re^3: CGI script connecting via terminal but not via browser by nkrgupta (Novice) on Sep 18, 2012 at 13:27 UTC
Fixed it! It was indeed a selinux issue, which by default was preventing httpd to establish network connections. Had to run the following command to allow it to do so `setsebool -P httpd_can_network_connect=1` Once again, thanks a lot moritz. I thought it might have to do with security settings, just didn't know where to look!	[reply] [d/l]