Problems with phpMyAdmin on other end of SSH Tunnel

Hi there,

We've got a bit of a weird issue with phpMyAdmin on one of our production servers running a basic LAMP setup behind a Cisco ASA5505 firewall appliance.

ssh and http/https are allowed through the firewall and everything works as expected.

We have installed phpmyadmin originally from rpm (v 2.11.11.3) and then removed the rpm and installed the latest tarball (v 3.4.10.2) to see if it would resolve the issue to no avail.

If we allow phpmyadmin to be open to the world, then it all works 100% ok.

To secure the install, we have set the Apache Directory directive to allow from the local private ip only. And then setup an ssh tunnel on our putty clients to tunnel through to port 80 from local port 8080.

For the most part this works, with us connecting to http://localhost:8080/mysqladmin/ and most tasks are working ok.

The problem comes when we have selected a database and table, and then try to use the SQL tab for manual queries. The page only seems to half load on this tab only.

This isnt isolated to one specific table or database either.

We have tried different versions of phpmyadmin as well as different local ports on the tunnel to no avail. The apache access/error logs show no problems with HTTP 200 responses. We have even tried multiple browsers with no difference.

Running out of ideas to try now if anyone has any suggestions as to what could be causing this half page load.
VoneServsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sudeep SharmaTechnical DesignerCommented:
Not sure if this could resolve your issue, but did you enabled the inspection on ASA for HTTP protocol? To disable it on router in config mode type

no fixup protocol http 80

port 80 could be replaced by any other port that you might be using for http.

I hope that would help.

Sudeep
0
VoneServsAuthor Commented:
Thanks for the suggestion Sudeep, but ive just checked the config of the ASA and the inspection isnt enabled, i even ran the negating command to be sure :)
0
Sudeep SharmaTechnical DesignerCommented:
>>>>If we allow phpmyadmin to be open to the world, then it all works 100% ok.
Could you please define what does that mean? Does that mean Anywhere to Anywhere port 80 Allow?

>>>>>To secure the install, we have set the Apache Directory directive to allow from the local private ip only.
Is localhost allowed here?

Sudeep
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

VoneServsAuthor Commented:
By open to the world i mean not restricted by ip in the apache config.

When it is restricted we use the following;

<Directory "/var/www/mysql">
  Order Deny,Allow
  Deny from all
  Allow from 10.0.0.2
</Directory>

Open in new window


With Allow from all, and therefore without the need for the ssh tunnel, anyone can access the phpmyadmin without issue. Its only when we limit using the Directory directives above that we cannot access the page from anywhere and then use the ssh tunnel to access the phpmyadmin pages.
0
arnoldCommented:
Is phpmyadmin an the same server as the MySQL instance? Do you provide the login with the user, password? I am not clear on what the issue is. I.e is your php access is such that a subsequent access points to the wrong location?
I.e. you access as http://www.yourdomain.com/phpmyadmin
But after the login, if you look at the source it tries to access the internal links as http://www.yourdomain.com:8080/path/phpmyadmin?

Do you have a reverse proxy infont of it?

8080 often suggests a tomcat setup.
0
VoneServsAuthor Commented:
Hi arnold,

Yes, phpmyadmin is on the same server as the mysql instance.

Basically;
- without the apache deny/allow i can go to http://www.domain.com/mysqladmin/ and login fine and use all features of phpmyadmin.

- with the apache deny/allow i can no longer access phpmyadmin as above (which is expected!) and so therefore i add an ssh tunnel to the host to tunnel any local port to remote port 80. with this tunnel in place i then go to http://localhost:8080/mysqladmin/. I can login fine and use 95% of the phpmyadmin features, the only problem we have is that in this setup the SQL command page under any db/table only half loads.
0
VoneServsAuthor Commented:
For any future readers i have managed to solve this with a bit of digging around.

After finding a similar issue (from 4 years ago) with trac (http://trac.edgewall.org/ticket/7089) where the issue was determined to be putty, i did my own tests, i logged the ssh conversation and could see that the entire page was received through the tunnel, but not received by the browser.

On checking putty bug list i found the following report; http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/half-closed.html This has been fixed in the latest snapshot download of putty.

Using the latest snapshot solves the issue i was having.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
VoneServsAuthor Commented:
Doing my own research i managed to find my own solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSH / Telnet Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.