Solved

Problems with phpMyAdmin on other end of SSH Tunnel

Posted on 2012-04-10
8
683 Views
Last Modified: 2012-04-16
Hi there,

We've got a bit of a weird issue with phpMyAdmin on one of our production servers running a basic LAMP setup behind a Cisco ASA5505 firewall appliance.

ssh and http/https are allowed through the firewall and everything works as expected.

We have installed phpmyadmin originally from rpm (v 2.11.11.3) and then removed the rpm and installed the latest tarball (v 3.4.10.2) to see if it would resolve the issue to no avail.

If we allow phpmyadmin to be open to the world, then it all works 100% ok.

To secure the install, we have set the Apache Directory directive to allow from the local private ip only. And then setup an ssh tunnel on our putty clients to tunnel through to port 80 from local port 8080.

For the most part this works, with us connecting to http://localhost:8080/mysqladmin/ and most tasks are working ok.

The problem comes when we have selected a database and table, and then try to use the SQL tab for manual queries. The page only seems to half load on this tab only.

This isnt isolated to one specific table or database either.

We have tried different versions of phpmyadmin as well as different local ports on the tunnel to no avail. The apache access/error logs show no problems with HTTP 200 responses. We have even tried multiple browsers with no difference.

Running out of ideas to try now if anyone has any suggestions as to what could be causing this half page load.
0
Comment
Question by:VoneServs
  • 5
  • 2
8 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 37827949
Not sure if this could resolve your issue, but did you enabled the inspection on ASA for HTTP protocol? To disable it on router in config mode type

no fixup protocol http 80

port 80 could be replaced by any other port that you might be using for http.

I hope that would help.

Sudeep
0
 

Author Comment

by:VoneServs
ID: 37828045
Thanks for the suggestion Sudeep, but ive just checked the config of the ASA and the inspection isnt enabled, i even ran the negating command to be sure :)
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 37828082
>>>>If we allow phpmyadmin to be open to the world, then it all works 100% ok.
Could you please define what does that mean? Does that mean Anywhere to Anywhere port 80 Allow?

>>>>>To secure the install, we have set the Apache Directory directive to allow from the local private ip only.
Is localhost allowed here?

Sudeep
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:VoneServs
ID: 37829099
By open to the world i mean not restricted by ip in the apache config.

When it is restricted we use the following;

<Directory "/var/www/mysql">
  Order Deny,Allow
  Deny from all
  Allow from 10.0.0.2
</Directory>

Open in new window


With Allow from all, and therefore without the need for the ssh tunnel, anyone can access the phpmyadmin without issue. Its only when we limit using the Directory directives above that we cannot access the page from anywhere and then use the ssh tunnel to access the phpmyadmin pages.
0
 
LVL 77

Expert Comment

by:arnold
ID: 37830994
Is phpmyadmin an the same server as the MySQL instance? Do you provide the login with the user, password? I am not clear on what the issue is. I.e is your php access is such that a subsequent access points to the wrong location?
I.e. you access as http://www.yourdomain.com/phpmyadmin
But after the login, if you look at the source it tries to access the internal links as http://www.yourdomain.com:8080/path/phpmyadmin?

Do you have a reverse proxy infont of it?

8080 often suggests a tomcat setup.
0
 

Author Comment

by:VoneServs
ID: 37832056
Hi arnold,

Yes, phpmyadmin is on the same server as the mysql instance.

Basically;
- without the apache deny/allow i can go to http://www.domain.com/mysqladmin/ and login fine and use all features of phpmyadmin.

- with the apache deny/allow i can no longer access phpmyadmin as above (which is expected!) and so therefore i add an ssh tunnel to the host to tunnel any local port to remote port 80. with this tunnel in place i then go to http://localhost:8080/mysqladmin/. I can login fine and use 95% of the phpmyadmin features, the only problem we have is that in this setup the SQL command page under any db/table only half loads.
0
 

Accepted Solution

by:
VoneServs earned 0 total points
ID: 37832406
For any future readers i have managed to solve this with a bit of digging around.

After finding a similar issue (from 4 years ago) with trac (http://trac.edgewall.org/ticket/7089) where the issue was determined to be putty, i did my own tests, i logged the ssh conversation and could see that the entire page was received through the tunnel, but not received by the browser.

On checking putty bug list i found the following report; http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/half-closed.html This has been fixed in the latest snapshot download of putty.

Using the latest snapshot solves the issue i was having.
0
 

Author Closing Comment

by:VoneServs
ID: 37850291
Doing my own research i managed to find my own solution.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question