Problems with phpMyAdmin on other end of SSH Tunnel

Hi there,

We've got a bit of a weird issue with phpMyAdmin on one of our production servers running a basic LAMP setup behind a Cisco ASA5505 firewall appliance.

ssh and http/https are allowed through the firewall and everything works as expected.

We have installed phpmyadmin originally from rpm (v 2.11.11.3) and then removed the rpm and installed the latest tarball (v 3.4.10.2) to see if it would resolve the issue to no avail.

If we allow phpmyadmin to be open to the world, then it all works 100% ok.

To secure the install, we have set the Apache Directory directive to allow from the local private ip only. And then setup an ssh tunnel on our putty clients to tunnel through to port 80 from local port 8080.

For the most part this works, with us connecting to http://localhost:8080/mysqladmin/ and most tasks are working ok.

The problem comes when we have selected a database and table, and then try to use the SQL tab for manual queries. The page only seems to half load on this tab only.

This isnt isolated to one specific table or database either.

We have tried different versions of phpmyadmin as well as different local ports on the tunnel to no avail. The apache access/error logs show no problems with HTTP 200 responses. We have even tried multiple browsers with no difference.

Running out of ideas to try now if anyone has any suggestions as to what could be causing this half page load.
VoneServsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
VoneServsConnect With a Mentor Author Commented:
For any future readers i have managed to solve this with a bit of digging around.

After finding a similar issue (from 4 years ago) with trac (http://trac.edgewall.org/ticket/7089) where the issue was determined to be putty, i did my own tests, i logged the ssh conversation and could see that the entire page was received through the tunnel, but not received by the browser.

On checking putty bug list i found the following report; http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/half-closed.html This has been fixed in the latest snapshot download of putty.

Using the latest snapshot solves the issue i was having.
0
 
Sudeep SharmaTechnical DesignerCommented:
Not sure if this could resolve your issue, but did you enabled the inspection on ASA for HTTP protocol? To disable it on router in config mode type

no fixup protocol http 80

port 80 could be replaced by any other port that you might be using for http.

I hope that would help.

Sudeep
0
 
VoneServsAuthor Commented:
Thanks for the suggestion Sudeep, but ive just checked the config of the ASA and the inspection isnt enabled, i even ran the negating command to be sure :)
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
Sudeep SharmaTechnical DesignerCommented:
>>>>If we allow phpmyadmin to be open to the world, then it all works 100% ok.
Could you please define what does that mean? Does that mean Anywhere to Anywhere port 80 Allow?

>>>>>To secure the install, we have set the Apache Directory directive to allow from the local private ip only.
Is localhost allowed here?

Sudeep
0
 
VoneServsAuthor Commented:
By open to the world i mean not restricted by ip in the apache config.

When it is restricted we use the following;

<Directory "/var/www/mysql">
  Order Deny,Allow
  Deny from all
  Allow from 10.0.0.2
</Directory>

Open in new window


With Allow from all, and therefore without the need for the ssh tunnel, anyone can access the phpmyadmin without issue. Its only when we limit using the Directory directives above that we cannot access the page from anywhere and then use the ssh tunnel to access the phpmyadmin pages.
0
 
arnoldCommented:
Is phpmyadmin an the same server as the MySQL instance? Do you provide the login with the user, password? I am not clear on what the issue is. I.e is your php access is such that a subsequent access points to the wrong location?
I.e. you access as http://www.yourdomain.com/phpmyadmin
But after the login, if you look at the source it tries to access the internal links as http://www.yourdomain.com:8080/path/phpmyadmin?

Do you have a reverse proxy infont of it?

8080 often suggests a tomcat setup.
0
 
VoneServsAuthor Commented:
Hi arnold,

Yes, phpmyadmin is on the same server as the mysql instance.

Basically;
- without the apache deny/allow i can go to http://www.domain.com/mysqladmin/ and login fine and use all features of phpmyadmin.

- with the apache deny/allow i can no longer access phpmyadmin as above (which is expected!) and so therefore i add an ssh tunnel to the host to tunnel any local port to remote port 80. with this tunnel in place i then go to http://localhost:8080/mysqladmin/. I can login fine and use 95% of the phpmyadmin features, the only problem we have is that in this setup the SQL command page under any db/table only half loads.
0
 
VoneServsAuthor Commented:
Doing my own research i managed to find my own solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.