curl http://example.com

data retrieved ok

sudo -u apache curl http://example.com

20 seconds later

curl: (7) couldn't connect to host

What would cause this, and how can I change it? I'm running some code as apache (mostly due to file permissions), and that code needs to be able to connect to another server.

Based on another question ("Block outgoing connections for certain uids (root, apache, nobody)"), I thought maybe the answer would be in /etc/iptables, but that file doesn't use -m owner:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

SELinux is in permissive mode, as far as I can tell:

cat /selinux/enforce
0

What else could be causing this? RHEL 6.2.

Steve Bennett

1 Answer


OK, figured it out: it was a proxy issue. There was a proxy environment variable set in my startup scripts, which don't get called for apache.

Steve Bennett
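One way to confirm the cause described in the answer is to compare the proxy variables in the login environment with those the apache user actually receives. This is an added example, not part of the original post; the function names, file names and sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: report proxy variables that differ between two `env` dumps.
# Real use (commands typed on the affected host):
#   env > login.env
#   sudo -u apache env > apache.env
#   proxy_env_diff login.env apache.env

# Keep only the proxy variables curl reads, sorted for comm(1).
proxy_vars() {
    grep -iE '^(http|https|ftp|all|no)_proxy=' | LC_ALL=C sort
}

# proxy_env_diff FIRST SECOND
# Prints "only-first: VAR=..." / "only-second: VAR=..." for each mismatch.
# Returns 0 when the proxy settings are identical, 1 when they differ.
proxy_env_diff() {
    _a=$(mktemp) && _b=$(mktemp) || return 2
    proxy_vars < "$1" > "$_a"
    proxy_vars < "$2" > "$_b"
    LC_ALL=C comm -23 "$_a" "$_b" | sed 's/^/only-first: /'
    LC_ALL=C comm -13 "$_a" "$_b" | sed 's/^/only-second: /'
    _rc=0
    cmp -s "$_a" "$_b" || _rc=1
    rm -f "$_a" "$_b"
    return "$_rc"
}

# Constructed sample dumps (not taken from the original post).
demo() {
    _d=$(mktemp -d) || return 2
    cat > "$_d/login.env" <<'EOF'
HOME=/home/user
PATH=/usr/bin:/bin
http_proxy=http://proxy.example.internal:3128
https_proxy=http://proxy.example.internal:3128
EOF
    cat > "$_d/apache.env" <<'EOF'
HOME=/var/www
PATH=/sbin:/bin:/usr/sbin:/usr/bin
EOF
    proxy_env_diff "$_d/login.env" "$_d/apache.env" || echo "proxy environments differ"
    rm -rf "$_d"
}
demo
```

Proxy URLs can embed credentials, so delete the dump files once the comparison is done.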