mod-xsendfile 404 caused by SELinux

Question

Ok. Wanted to share this - took me 10 hours to figure out.

I had properly installed mod-xsendfile, following the good instructions here.

I also configured xsendfile correctly in my /etc/httpd/conf/httpd.conf file, adding the settings: XSendFile on XSendFilePath /var/files_need_valid_session_to_view/

And I knew my code for generating the X-SENDFILE header was correct: it was working on a different server. However, I was getting 404 errors, no matter what I did. My OS was CentOS 6.4 final.

Answer 1

Label your directory with the correct SELinux label. See How to label an apache directory that is the same case for your folder '/var/files_need_valid_session_to_view/'.

Disabling SELinux is an unnecessary security risk.

Answer 2

Disabling SELinux solved the problem. I'm sure, if this was a production server, that I should configure SELinux to allow Apache to view /var/files_need_valid_session_to_view/, but for my purposes, this was enough.

$ sudo su
  -or-
$ su
# echo 0 >/selinux/enforce    // Note - you cannot just say sudo for this line: the stuff after the carrot will not be super-user.  sudo su, then do this.

-to perminantly disable, across reboots, see the link at the top of my answer-