diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index 86e4870..d06f801 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -72,6 +72,20 @@ define httpd::vhost(
     httpd::mod { 'version': ensure => present }
   }
 
+  # selinux may deny directory listing and access to subdirectories
+  # so update context to allow it
+  if $::osfamily == 'RedHat' {
+    if ! defined(Exec["update_context_${docroot}"]) {
+      exec { "update_context_${docroot}":
+        command => "chcon -R -t httpd_sys_content_t ${docroot}/",
+        unless  => "ls -lZ ${docroot} | grep httpd_sys_content_t",
+        path    => '/bin:/usr/bin:/usr/local/bin:/usr/sbin',
+        require => Package['httpd'],
+        notify  => Service['httpd'],
+      }
+    }
+  }
+
   file { "${priority}-${name}.conf":
       path    => "${httpd::params::vdir}/${priority}-${name}.conf",
       content => template($template),
diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp
index a79c927..5c74d52 100644
--- a/manifests/vhost/proxy.pp
+++ b/manifests/vhost/proxy.pp
@@ -66,5 +66,11 @@ define httpd::vhost::proxy (
     notify  => Service['httpd'],
   }
 
-
+  # enable that setting, that allows httpd scripts and
+  # modules to connect to the network
+  if $::osfamily == 'RedHat' {
+    selinux::boolean { 'httpd_can_network_connect':
+      ensure => 'on',
+    }
+  }
 }