Troubleshoot SELinux Centos7 Apache

On my test environment, I had an permission denied issue with a simple HTML file. Shit all permissions looking good … but wait a minute SELinux was activated and I did not want to disable it. Here is the simple solution.


# check SELinux status
$ sestatus

# check SELinux security context
$ ls -lahZ /var/www/html/
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 demo.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html

# change the SELinux security context (use RFILE's security context)
$ chcon --reference /var/www/html/index.html /var/www/html/demo.html

Cool … the problem is solved. All pages are visible without permission issues. It also works recursively if several files are affected.

# change security context recursive
$ chcon -Rv --type=httpd_sys_content_t /var/www/html

Local HAR viewer on Mac OS X

There are several HAR file viewers online but sometimes you need the HAR viewer offline. It is very simple for Mac OS X user to get a local instance running.



The first step is generating HAR file.

# create HAR log file
$ phantomjs netsniff.js "" > ~/Desktop/result.har

Now download the latest and unzip into the user “Sites” folder. Rename the folder and setting up the permissions.

# go into Downloads
$ cd ~/Downloads/

# create new folder
$ mkdir harviewer

# unzip into new folder
$ unzip -d harviewer

# move folder into user sites
$ mv harviewer ~/Sites/

# go into sites and change access rights
$ cd ~/Sites/
$ chmod +x harviewer/


Now open a browser and call URL like: “http://localhost/~<user>/harviewer/“. As last step drag the generated HAR file into the browser. You should see something like this:

HAR viewer result

Yosemite – Apache and PHP at user level

Mac OS X include Apache server and PHP, but since some version by default only at root level. To start the Apache on root level simple use the following commands.

# start Apache
$ sudo apachectl start

# restart Apache
$ sudo apachectl restart

# stop Apache
$ sudo apachectl stop

After starting the Apache server, on browser you can use the URL “http://localhost”. You should see something like: “It Works”. The location for files is “/Library/WebServer/Documents/”.

Small note
I have to apologize! The security policies of my provider do not allow the usage or combination for special words. Therefore, at various points images were used.

User level

Now we create the Apache on user level with a few configuration steps.

# Create folder (if not exists)
$ mkdir ~/Sites

Inside this folder create a simple PHP file (index.php)

<?php phpinfo(); ?>

In the third step, the configuration file of the user is created. The name always includes the user name!

$ cd /etc
$ vi /apache2/users/<username>.conf

Add the following content and save

<Directory "/Users/<username>/Sites/">
  AllowOverride All
  Options Indexes MultiViews FollowSymLinks
  Require all granted

Check the access permissions for “-rw-r–r–” or “664”! To enable the configuration, open the “httpd-userdir.conf” and uncomment one line above <IfModule>.

$ cd /etc
$ sudo vi apache2/extra/httpd-userdir.conf


In the last step, only the correct modules must be loaded.


Now uncomment the LoadModule lines for “” and “” and include for user home.

LoadModule userdir_module libexec/apache2/
LoadModule php5_module libexec/apache2/

user home include

Thats it! If you now start/restart the Apache and call the URL “http://localhost/~<username>/” in your browser, you should see the parsed content of PHP file.