1

I'm getting a permission denied error when trying to make a cURL request with the PHP cURL library to localhost on port 4321. This will hopefully be really easy or obvious for someone who's run into this before.

I'm able to make the identical cURL request from another system on the local area network to the production server. For example, if on another system on the local area network I make a request using the function below where $host='http://192.168.1.100:4321' then everything works exactly like it should. If I run on the system itself where $host='http://localhost:4321' or $host='http://127.0.0.1:4321' or $host='::1:4321' then I get a cURL error of "Permission Denied".

The function I wrote for my very simple request is:

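function makeRequest($host, $data) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $host);
    // Setting CURLOPT_POSTFIELDS turns the request into a POST
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    // Return the response body from curl_exec() instead of printing it
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    $result = json_decode(curl_exec($ch), true);
    if (!empty(curl_error($ch))) {
        // Pass true so print_r() returns the message; without it, it echoes and returns true
        $result = print_r(curl_error($ch).' - '.$host, true);
    }
    curl_close($ch);
    return $result;
}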

The system is a CentOS 7 server. Running firewall-cmd --list-all shows my open ports:

ports: 443/tcp 80/tcp 4321/tcp

If you have some idea, or need me to check a setting don't hesitate to ask.

EDIT The hosts file looks like

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

EDIT2

When I use command-line curl against the same port everything comes back all right.

 /]$ curl -v localhost:4321
* About to connect() to localhost port 4321 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 4321 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:4321
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: no-cache, no-store, must-revalidate
< Content-Length: 774....
Altimus Prime
  • A couple of suggestions are 1) to check your `hosts` file and see if `localhost` is mapped to `127.0.0.1` and, if not, to add this entry, and 2) to run `curl` from the command line using the `-v` switch to check the full output and gain better insight. If you run curl on the command line, consider dumping the output here so we can see what's going on. – B. Fleming Oct 10 '17 at 17:05
  • Noticed that your first (successful) try had `http://` in front of it while the failed ones didn't. Is that a typo? cURL needs to operate on http(s) – apokryfos Oct 10 '17 at 17:10
  • It's sort of a typo. I tried first with the `http://` and then later without it. – Altimus Prime Oct 10 '17 at 17:16
  • Could you show us the exact error you're getting? This can help narrow down the issue. – B. Fleming Oct 10 '17 at 17:40
  • So, who is listening on that port? Some kind of HTTP server? If you are truly getting a permission denied (i.e. not a connection refused), then the issue may be with the listening process. – YvesLeBorg Oct 10 '17 at 17:40
  • The exact error is `Failed to connect to ::1: Permission denied`. I think that YvesLeBorg may be right. There's going to be some baloney on the service itself. – Altimus Prime Oct 10 '17 at 17:47
  • @AuntJamaima also check your firewall logs to see if that is not the culprit: intercepting the connection attempt based on some kind of `source` rule. – YvesLeBorg Oct 10 '17 at 17:53
  • I don't see anything in `var/log/firewalld` – Altimus Prime Oct 10 '17 at 18:16
  • Check that the PHP user has permission to run curl in the first place. It could be the case that PHP is attempting to access that curl service and doesn't have the necessary execute permissions. – B. Fleming Oct 10 '17 at 20:01
  • That's a good idea I hadn't checked until you made the suggestion. Checking phpinfo shows curl as enabled and making requests from the problematic system in php with the cURL library to remote hosts works normally. I think that permission denied is basically a header returned by the service listening on port 4321. – Altimus Prime Oct 10 '17 at 20:17
  • Actually, when I check verbose response with headers included there actually isn't any response, header or otherwise. The message `Failed to connect to ::1: Permission denied` is a curl_error() output. – Altimus Prime Oct 11 '17 at 00:56

1 Answer

18

I found the answer to the problem at: Getting permission denied while Posting xml using Curl?

The problem is SELinux and the solution is to run:

sudo setsebool httpd_can_network_connect 1

It doesn't make sense to me that I could use the php cURL library to access every other website in the world, but not localhost on a different port, while I was able to access the localhost from command line cURL.

theduck
Altimus Prime
  • Use this: `user@host /]$ sudo setsebool httpd_can_network_connect 1`. Remove `=` from the above syntax. This works for me. – jems Feb 21 '18 at 06:16
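
When SELinux is what turns the `connect()` into `Permission denied`, as in the accepted answer above, the denial is recorded in the audit log as an AVC record. The following Python is an added example, not part of the original question or answer: it extracts denied `name_connect` attempts made by the `httpd_t` domain. The sample records are constructed, and the function names and the port type shown in them are assumptions.

```python
import re
from collections import Counter

# Constructed sample audit records (not from the original post); PIDs, timestamps
# and the port type label are illustrative.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1507657620.101:801): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=4321 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1507657620.101:801): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1507657625.440:802): avc:  denied  { name_connect } for  pid=2214 comm="httpd" dest=4321 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1507657630.007:803): avc:  denied  { read } for  pid=2290 comm="httpd" name="secret.txt" dev="dm-0" ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1507657640.900:804): avc:  granted  { name_connect } for  pid=2300 comm="httpd" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit record type."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    # SELinux contexts are user:role:type:level, so the type is the third field.
    rec["source_type"] = rec.get("scontext", ":::").split(":")[2]
    rec["target_type"] = rec.get("tcontext", ":::").split(":")[2]
    return rec

def denied_outbound_connects(log_text, source_type="httpd_t"):
    """Count denied TCP name_connect attempts by (comm, dest port, target port type)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec and rec["result"] == "denied" and "name_connect" in rec["perms"]
                and rec.get("tclass") == "tcp_socket" and rec["source_type"] == source_type):
            key = (rec.get("comm", "?"), int(rec.get("dest", "0")), rec["target_type"])
            hits[key] += 1
    return hits

if __name__ == "__main__":
    for (comm, port, ttype), n in denied_outbound_connects(SAMPLE_AUDIT_LOG).items():
        print(f"{n} denied connect(s): {comm} -> tcp/{port} (port type {ttype})")
```

On a real host, feed it the contents of `/var/log/audit/audit.log`. Keep in mind that `setsebool` without `-P` changes only the running policy and is lost on reboot, and that `httpd_can_network_connect` lets the web server domain open TCP connections to any port.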