I have a very simple test script:
<?php$DSN = "mysql:host=db.example.edu;port=3306;dbname=search_data";try { $DB = new PDO($DSN, "username", "super-secret-password!");} catch (PDOException $e) { header('Content-Type: text/plain'); print "Could not connect to database, rawr. :-("; exit;}$SQL = "SELECT phrase FROM search ORDER BY RAND() LIMIT 10";foreach ($DB->query($SQL) as $row) { print $row['phrase']."n";}?>When I execute this script from the command line, it works perfectly:
$ php test.phpcorporal punishmentStretchesvoluntary agencies and the resettlement of refugeesmusic and learningNike Tiger Woods ScandalHermeneiaPSYCHINFOanthony bourdainBlack-White Couples and their Social Worldscolonization, hodgeBut when I access the exact same script through my web browser, it says:
Could not connect to database, rawr. :-(I’ve tried var_dump on the error, and the message is: “SQLSTATE[HY000] [2003] Can’t connect to MySQL server on ‘db.example.edu’ (13)”.
This is puzzling. It’s the exact same script on the exact same server — why does it work when I execute it from the command line, but fail when Apache executes it?
Advertisement
Answer
If this is a Red Hat-derived distribution (RHEL, CentOS, Fedora, ScientificLinux) running SELinux (or any non Red Hat derivative using SELinux), the default policy setting at time of this writing is to prohibit Apache from making external connections to other servers or databases. As root, you must enable the following two SELinux booleans. Use the -P option to persist the change across a reboot.
setsebool -P httpd_can_network_connect=1setsebool -P httpd_can_network_connect_db=1Note that httpd_can_network_connect may not be necessary. Try it first turning on only httpd_can_network_connect_db.