fopen on all URLs has started hanging

I have two systems which have had no changes applied to it, but which have suddenly stopped being able to fopen Internet URLs. However curl and wget work fine with the same URLs. URLs on the LAN work fine.

It hangs 120 secs (i.e. 2 x default_socket_timeout) and then generates the warning: failed to open stream: HTTP request failed! [Before you ask... The php.ini file has allow_url_fopen = On.]

I am told that there have been no changes to the servers. I know that the switch has had some changes, and the local URLs do not go through the switch (being on the LAN).

Any suggestions why PHP's connect should be any different from curl's?

yast2 -i php5-curl
[rstaveley@mims2 bin]$ date;php5 -r 'fopen("http://192.0.32.10", "r");';date
Tue Apr 13 17:09:14 EDT 2010
PHP Warning:  fopen(192.0.32.10): failed to open stream: HTTP request failed!  in Command line code on line 1
Tue Apr 13 17:11:14 EDT 2010
[rstaveley@mims2 bin]$ date;php5 -r 'fopen("http://126.110.15.102", "r");';date
Tue Apr 13 17:14:55 EDT 2010
Tue Apr 13 17:14:55 EDT 2010
[rstaveley@mims2 bin]$ date;php5 -r 'fopen("http://126.110.15.101", "r");';date
Tue Apr 13 17:15:22 EDT 2010
Tue Apr 13 17:15:22 EDT 2010

Open in new window

LVL 17
rstaveleyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mattibuttCommented:
test with common web resource like google, there might be change in your network firewall anything could affect
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rstaveleyAuthor Commented:
Telnet-ing into port 80 gets the same results as PHP.

Local addresses work when you GET / HTTP/1.0

Internet addresses connect, but do not return data.
[rstaveley@mims2 bin]$ telnet 126.110.15.101 80
Trying 126.110.15.101...
Connected to 126.110.15.101.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
....etc... Success :-)

[morrell@mims2 bin]$ telnet 192.0.32.10 80
Trying 192.0.32.10...
Connected to 192.0.32.10.
Escape character is '^]'.
GET / HTTP/1.0

[Nothing :-(]

Open in new window

0
rstaveleyAuthor Commented:
I get the same with google.com and example.com. OK with cURL. Not OK with PHP or indeed telnet to PORT 80. I see it connect and send data and get nothing back.
0
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

mattibuttCommented:
is your port 80 outbound open check the server configuration it could also be php configuration
0
rstaveleyAuthor Commented:
> is your port 80 outbound open

Yes, it works with cURL. You can see it connect with telnet too, but no data comes back.

> it could also be php configuration

Any ideas? I must say that the telnet test suggests that it isn't only PHP which is failing to open URL streams. It sounds like Perl's LWP and cURL work reliably, but PHP and using telnet by hand is somehow getting clobbered by the switch.
0
rstaveleyAuthor Commented:
Lynx also works.

The following lower level PHP also doesn't work:
<?php
$fp = fsockopen("www.example.com", 80, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "GET / HTTP/1.1\r\n";
    $out .= "Host: www.example.com\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);                                                }
    }
    fclose($fp);
}

Open in new window

0
rstaveleyAuthor Commented:
...Hmm actually that last PHP does work, but not always
0
mattibuttCommented:
have you checked apache log whats going on there in error log as well access log
0
rstaveleyAuthor Commented:
No clues there, alas. I'm doing most of my testing with the CLI. There is no information in the apache log though, when I test with a web page.
0
mattibuttCommented:
i guess thats the limit of command line, since when you experienced this problem did it start today or its been happening for a while
0
basicerCommented:
Sounds like your have some sort of proxying, redirecting, or something to that effect happening.  Try a

  curl -L -I <url> for more infromation on whats going on.
0
rstaveleyAuthor Commented:
Couple of days. I've no doubt that the switch is what's changed. It is a SuSE system, and I notice that the YAST package manager is also unable to fetch from sources, so I can't install php5-curl to see if the PHP cURL library is the way to go with this. Otherwise there is a lot of code to edit.
0
rstaveleyAuthor Commented:
[rstaveley@mims2 bin]$  curl -L -I http://example.com
HTTP/1.1 200 OK
Date: Tue, 13 Apr 2010 23:11:43 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 15 Nov 2005 13:24:10 GMT
ETag: "24ec5-1b6-4059a80bfd280"
Accept-Ranges:  none
Content-Length: 438
Connection: close
Content-Type: text/html; charset=UTF-8
0
rstaveleyAuthor Commented:
Verbose:

[rstaveley@mims2 bin]$ curl -v -L -I http://example.com
* About to connect() to example.com port 80
*   Trying 192.0.32.10... connected
* Connected to example.com (192.0.32.10) port 80
> HEAD / HTTP/1.1
> User-Agent: curl/7.15.1 (x86_64-suse-linux) libcurl/7.15.1 OpenSSL/0.9.8a zlib/1.2.3 libidn/0.6.0
> Host: example.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Tue, 13 Apr 2010 23:13:28 GMT
Date: Tue, 13 Apr 2010 23:13:28 GMT
< Server: Apache/2.2.3 (CentOS)
Server: Apache/2.2.3 (CentOS)
< Last-Modified: Tue, 15 Nov 2005 13:24:10 GMT
Last-Modified: Tue, 15 Nov 2005 13:24:10 GMT
< ETag: "24ec5-1b6-4059a80bfd280"
ETag: "24ec5-1b6-4059a80bfd280"
< Accept-Ranges:  none
Accept-Ranges:  none
< Content-Length: 438
Content-Length: 438
< Connection: close
Connection: close
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

* Closing connection #0
0
basicerCommented:
I think your problem is related to something called SELinux.  As root try typing:
setenforce 0
as root on the command line and then trying your php script.

0
rstaveleyAuthor Commented:
Nice idea. I read that AppArmor is SuSE's equivalent of SELinux. I've just tried disabling it as indicated below, but it doesn't fix the problem.

mims2:/etc/security # /etc/init.d/boot.apparmor stop
Unloading AppArmor profiles                                          done
mims2:/etc/security # chkconfig -d boot.apparmor
boot.apparmor             0:off  1:off  2:off  3:off  4:off  5:off  6:off

Open in new window

0
rstaveleyAuthor Commented:
These were helpful suggestions, but the solution lay in having an engineer sort out the switch ... though my own "low level" implementation was not too bad as a stop-gap. It looks like the switch was set up to be intollerant of the high-level implementation. Perhaps the low-level approach is quicker? We'll never know. Thanks for the help anyway, chaps.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.