PHP file can access global net from terminal, but not from apache

Question

I have a following problem. We have a private server running on CentOS in our corporate network. The proxy server is on Windows running NTLMV2 authentification.

So, I installed cntlm on my CentOS server in order to have access to the required resources. Everything worked fine. By everything I mean, that curl, wget and yum work correctly with this cntlm proxy when ran from the terminal.

However, one thing does not work. We also have Apache + PHP + MySQL instance running on this server. And the trick is - it cannot access the proxy somehow. Here is the sample PHP file working with curl:

<?php
$url = "http://www.google.com";
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_PROXY, 'http://127.0.0.1:3128');
$data = curl_exec($ch);
if ($data == FALSE) echo curl_error($ch);
curl_close($ch);
var_dump($data);
?>

When I execute this from the command line:

php curl.php | tail -n 10

Everything works great, it can access the global resource via this proxy. However, if I run it from the browser page, Apache cannot connect, giving the error "Failed to connect to 127.0.0.1: Permission denied"

Answer 1

It's been a long time since I started this question, but I finally found the solution. It turns out the problem is with SELinux privileges, that by default do not allow Apache to execute scripts, that try to access network.

In order to solve the problem, you need to run the following command:

setsebool -P httpd_can_network_connect on

More info can be found here.