Solved

Problems with phpMyAdmin on other end of SSH Tunnel

Posted on 2012-04-10
8
677 Views
Last Modified: 2012-04-16
Hi there,

We've got a bit of a weird issue with phpMyAdmin on one of our production servers running a basic LAMP setup behind a Cisco ASA5505 firewall appliance.

ssh and http/https are allowed through the firewall and everything works as expected.

We have installed phpmyadmin originally from rpm (v 2.11.11.3) and then removed the rpm and installed the latest tarball (v 3.4.10.2) to see if it would resolve the issue to no avail.

If we allow phpmyadmin to be open to the world, then it all works 100% ok.

To secure the install, we have set the Apache Directory directive to allow from the local private ip only. And then setup an ssh tunnel on our putty clients to tunnel through to port 80 from local port 8080.

For the most part this works, with us connecting to http://localhost:8080/mysqladmin/ and most tasks are working ok.

The problem comes when we have selected a database and table, and then try to use the SQL tab for manual queries. The page only seems to half load on this tab only.

This isnt isolated to one specific table or database either.

We have tried different versions of phpmyadmin as well as different local ports on the tunnel to no avail. The apache access/error logs show no problems with HTTP 200 responses. We have even tried multiple browsers with no difference.

Running out of ideas to try now if anyone has any suggestions as to what could be causing this half page load.
0
Comment
Question by:VoneServs
  • 5
  • 2
8 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 37827949
Not sure if this could resolve your issue, but did you enabled the inspection on ASA for HTTP protocol? To disable it on router in config mode type

no fixup protocol http 80

port 80 could be replaced by any other port that you might be using for http.

I hope that would help.

Sudeep
0
 

Author Comment

by:VoneServs
ID: 37828045
Thanks for the suggestion Sudeep, but ive just checked the config of the ASA and the inspection isnt enabled, i even ran the negating command to be sure :)
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 37828082
>>>>If we allow phpmyadmin to be open to the world, then it all works 100% ok.
Could you please define what does that mean? Does that mean Anywhere to Anywhere port 80 Allow?

>>>>>To secure the install, we have set the Apache Directory directive to allow from the local private ip only.
Is localhost allowed here?

Sudeep
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 

Author Comment

by:VoneServs
ID: 37829099
By open to the world i mean not restricted by ip in the apache config.

When it is restricted we use the following;

<Directory "/var/www/mysql">
  Order Deny,Allow
  Deny from all
  Allow from 10.0.0.2
</Directory>

Open in new window


With Allow from all, and therefore without the need for the ssh tunnel, anyone can access the phpmyadmin without issue. Its only when we limit using the Directory directives above that we cannot access the page from anywhere and then use the ssh tunnel to access the phpmyadmin pages.
0
 
LVL 77

Expert Comment

by:arnold
ID: 37830994
Is phpmyadmin an the same server as the MySQL instance? Do you provide the login with the user, password? I am not clear on what the issue is. I.e is your php access is such that a subsequent access points to the wrong location?
I.e. you access as http://www.yourdomain.com/phpmyadmin
But after the login, if you look at the source it tries to access the internal links as http://www.yourdomain.com:8080/path/phpmyadmin?

Do you have a reverse proxy infont of it?

8080 often suggests a tomcat setup.
0
 

Author Comment

by:VoneServs
ID: 37832056
Hi arnold,

Yes, phpmyadmin is on the same server as the mysql instance.

Basically;
- without the apache deny/allow i can go to http://www.domain.com/mysqladmin/ and login fine and use all features of phpmyadmin.

- with the apache deny/allow i can no longer access phpmyadmin as above (which is expected!) and so therefore i add an ssh tunnel to the host to tunnel any local port to remote port 80. with this tunnel in place i then go to http://localhost:8080/mysqladmin/. I can login fine and use 95% of the phpmyadmin features, the only problem we have is that in this setup the SQL command page under any db/table only half loads.
0
 

Accepted Solution

by:
VoneServs earned 0 total points
ID: 37832406
For any future readers i have managed to solve this with a bit of digging around.

After finding a similar issue (from 4 years ago) with trac (http://trac.edgewall.org/ticket/7089) where the issue was determined to be putty, i did my own tests, i logged the ssh conversation and could see that the entire page was received through the tunnel, but not received by the browser.

On checking putty bug list i found the following report; http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/half-closed.html This has been fixed in the latest snapshot download of putty.

Using the latest snapshot solves the issue i was having.
0
 

Author Closing Comment

by:VoneServs
ID: 37850291
Doing my own research i managed to find my own solution.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Iptables and mirroring ports 4 84
Apache Issues 9 80
Apache / XAMPP  authorisation 10 55
PHP_POST() error message 9 58
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question