note
betterworld
<blockquote><em>SELinux is blocking httpd processes from connecting to the net (probably to stop hackers from attacking other machines from httpd)</em></blockquote>
<p>There is another reason to keep the webserver from accessing the internet. Sometimes web applications have security holes that allow an attacker to execute a program that is available on the net, like with PHP's remote include "feature". Or the attacker's payload (like a spambot or rootkit) might be too big for a vulnerable web form.</p>
<p>While it should be preferable to avoid having security holes in web applications; I think it is prudent to make it hard to exploit a vulnerability to take over a system. Therefore I suggest that you think carefully before disabling these security measures.</p>
712850
712986