allow_httpd_anon_write
-
When disabled, this Boolean allows httpd
to only have read access to files labeled with the public_content_rw_t
type. Enabling this Boolean will allow httpd
to write to files labeled with the public_content_rw_t
type, such as a public directory containing files for a public file transfer service.
allow_httpd_mod_auth_ntlm_winbind
-
Enabling this Boolean allows access to NTLM and Winbind authentication mechanisms via the mod_auth_ntlm_winbind
module in httpd
.
allow_httpd_mod_auth_pam
-
Enabling this Boolean allows access to PAM authentication mechanisms via the mod_auth_pam
module in httpd
.
allow_httpd_sys_script_anon_write
-
This Boolean defines whether or not HTTP scripts are allowed write access to files labeled with the public_content_rw_t
type, as used in a public file transfer service.
httpd_builtin_scripting
-
This Boolean defines access to httpd
scripting. Having this Boolean enabled is often required for PHP content.
httpd_can_network_connect
-
When disabled, this Boolean prevents HTTP scripts and modules from initiating a connection to a network or remote port. Turn this Boolean on to allow this access.
httpd_can_network_connect_db
-
When disabled, this Boolean prevents HTTP scripts and modules from initiating a connection to database servers. Turn this Boolean on to allow this access.
httpd_can_network_relay
-
Turn this Boolean on when httpd
is being used as a forward or reverse proxy.
httpd_can_sendmail
-
When disabled, this Boolean prevents HTTP modules from sending mail. This can prevent spam attacks should a vulnerability be found in httpd
. Turn this Boolean on to allow HTTP modules to send mail.
httpd_dbus_avahi
-
When off, this Boolean denies httpd
access to the avahi
service via D-Bus
. Turn this Boolean on to allow this access.
httpd_enable_cgi
-
When disabled, this Boolean prevents httpd
from executing CGI scripts. Turn this Boolean on to allow httpd
to execute CGI scripts (CGI scripts must be labeled with the httpd_sys_script_exec_t
type).
httpd_enable_ftp_server
-
Turning this Boolean on will allow httpd
to listen on the FTP port and act as an FTP server.
httpd_enable_homedirs
-
When disabled, this Boolean prevents httpd
from accessing user home directories. Turn this Boolean on to allow httpd
access to user home directories; for example, content in /home/*/
.
httpd_execmem
-
When enabled, this Boolean allows httpd
to execute programs that require memory addresses that are both executable and writeable. Enabling this Boolean is not recommended from a security standpoint as it reduces protection against buffer overflows, however certain modules and applications (such as Java and Mono applications) require this privilege.
httpd_ssi_exec
-
This Boolean defines whether or not server side include (SSI) elements in a web page can be executed.
httpd_tty_comm
-
This Boolean defines whether or not httpd
is allowed access to the controlling terminal. Usually this access is not required, however in cases such as configuring an SSL certificate file, terminal access is required to display and process a password prompt.
httpd_unified
-
When enabled, this Boolean allows httpd_t
complete access to all of the httpd
types (i.e. to execute, read, or write sys_content_t). When disabled, there is separation in place between web content that is read-only, writeable or executable. Disabling this Boolean ensures an extra level of security but adds the administrative overhead of having to individually label scripts and other web content based on the file access that each should have.
httpd_use_cifs
-
Turn this Boolean on to allow httpd
access to files on CIFS file systems that are labeled with the cifs_t
type, such as file systems mounted via Samba.
httpd_use_nfs
-
Turn this Boolean on to allow httpd
access to files on NFS file systems that are labeled with the nfs_t
type, such as file systems mounted via NFS.