SELinux outbound access to other sites with restrictions

view full story

http://unix.stackexchange.com – We have CentOS 6 configured with SELinux to host a number of websites. Unfortunately SELinux is preventing websites from accessing (outbound) sites, such as download.wordpress.com to update wordpress or Joomla installation. We would like to have both SELinux enabled and the ability for these sites to do such connections. Our fear is that we do # setsebool -P httpd_can_network_connect 1 and some 'developer' will create a php script to start outbound spamming resulting in our IP being black listed. Is there a way to enable outbound connections and limit restrict such outbound issues at (HowTos)

Submitted by missing on 02/15/2012 – Made popular on 02/15/2012

Login or register to post comments
Email this page

Stories similar to SELinux outbound access to other sites with restrictions

Limiting OUTBOUND TCP Connections to single IP 3 years 30 weeks ago

I'm having a problem that seems to plague a lot of people judging from my research on the web. I have a hosting provider that limits the number of incoming connections to the shared host to 50 per IP.

I have a single IP for outbound connections and I use Squid as a proxy server.

CentOS 6.3 Virtual under OpenVZ cannot ping, host lookups, outbound connections while postfix running 30 weeks 6 days ago

My best theory is that some kernel limit is being hit preventing outbound connections.

Restrict Outbound Connections of a Windows Server 2008 NAT Router 22 weeks 18 hours ago

I am setting up a Windows Server 2008 R2 lab environment in VMWare workstation and attempting where possible to use Windows Server 2008 R2 to implement machines that serve specific roles within that environment. Using the "Network Policy and Access Services" role I have been able to setup a machine that can server as a NAT router. The issue is that any and all connections are allowed outbound.

RDP over SSH Tunnel 31 weeks 16 hours ago

Hi all, I'm trying have an alternative way of connecting into a Corporate network.

What other rules should I use to allow PPTP outbound connection? 36 weeks 5 days ago

I already allowed outbound connection to TCP/UDP port number 1723, but PPTP connection still fail to establish,

If I allow all outbound connection, the tunnel will just go fine.

Windows firewall - let an application only access 2 ips (outbound) 21 weeks 3 days ago

How do I create a Windows firewall rule that lets application X only open connections (outbound) to two ip addresses, while blocking everything else?

IIS 6 Smart Host Outbound Security 30 weeks 3 days ago

I'm using the IIS 6 smart host setting to forward all email sent through IIS to SendGrid.

It works fine if I set the Outbound Security and smart host settings at the top level of the Default SMTP Virtual Server properties.

But the downside with that is if I want to switch it off or change the smart host, I have to also edit the Outbound Security at the same time.

I thought I could get around th

Cacti Graph does not show actual value for outbound 37 weeks 5 days ago

I have configured cacti on Ubuntu and added a switch as a host. I want to monitor each port of this switch. I have created graphs for that host and have not edited any graph template settings. When I explored graph for a specific port, it does not show actual outbound value. For example if current outbound is 300Mbps, it shows 79Mbps.

[other] **TCP FIN Scan** Help Please 48 weeks 4 days ago

I keep getting the **TCP FIN Scan** message appear in my router's security log and am really worried about it because I don't know if it's anything serious or if it's nothing to worry about.

I keep getting both Inbound and Outbound on them and that is something I'm not too sure about.

Some of the IP Addresses for the Outbound ones are 92.51.171.78, 85.17.76.183 and 176.28.48.217 and they all

SELinux outbound access to other sites with restrictions

Search

Best published stories

Beautiful linux wallpapers

Tags