nerdexam
CompTIA

XK0-004 · Question #415

A systems administrator is installing an HTTPD server on a Linux server and configuring it as a proxy server. The administrator runs the following commands to verify that the service is running: Howev

The correct answer is A. Option A. A 503 error from an HTTPD proxy is commonly caused by SELinux blocking the httpd process from initiating outbound network connections to the backend.

Troubleshooting and Diagnostics

Question

A systems administrator is installing an HTTPD server on a Linux server and configuring it as a proxy server. The administrator runs the following commands to verify that the service is running:

However, the administrator is getting a 503 error when browsing to portal . company. internal. After reviewing the logs, the following error information is discovered:

Which Of the following commands BEST resolves the issue?

Exhibit

XK0-004 question #415 exhibit

Options

  • AOption A
  • BOption B
  • COption C
  • DOption D

How the community answered

(41 responses)
  • A
    66% (27)
  • B
    10% (4)
  • C
    20% (8)
  • D
    5% (2)

Why each option

A 503 error from an HTTPD proxy is commonly caused by SELinux blocking the httpd process from initiating outbound network connections to the backend.

AOption ACorrect

When Apache is used as a reverse proxy, the SELinux policy denies httpd from making outbound TCP connections by default, which causes 503 errors and audit denials in the logs. Running setsebool -P httpd_can_network_connect on enables the corresponding SELinux boolean, granting the httpd process permission to connect to upstream servers. The -P flag writes the change persistently so it survives reboots.

BOption B

Option B does not modify the SELinux boolean that controls whether the httpd process is permitted to initiate outbound network connections.

COption C

Option C does not address the SELinux policy enforcement that is blocking the proxy from forwarding requests to the backend service.

DOption D

Option D does not resolve the underlying SELinux denial recorded in the audit log that prevents httpd from connecting to upstream hosts.

Concept tested: SELinux boolean enabling HTTPD proxy network connections

Source: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/using-selinux-booleans_using-selinux

Topics

#Apache HTTPD#reverse proxy#SELinux boolean#503 error

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice