Solved

Problems with phpMyAdmin on other end of SSH Tunnel

Posted on 2012-04-10
8
668 Views
Last Modified: 2012-04-16
Hi there,

We've got a bit of a weird issue with phpMyAdmin on one of our production servers running a basic LAMP setup behind a Cisco ASA5505 firewall appliance.

ssh and http/https are allowed through the firewall and everything works as expected.

We have installed phpmyadmin originally from rpm (v 2.11.11.3) and then removed the rpm and installed the latest tarball (v 3.4.10.2) to see if it would resolve the issue to no avail.

If we allow phpmyadmin to be open to the world, then it all works 100% ok.

To secure the install, we have set the Apache Directory directive to allow from the local private ip only. And then setup an ssh tunnel on our putty clients to tunnel through to port 80 from local port 8080.

For the most part this works, with us connecting to http://localhost:8080/mysqladmin/ and most tasks are working ok.

The problem comes when we have selected a database and table, and then try to use the SQL tab for manual queries. The page only seems to half load on this tab only.

This isnt isolated to one specific table or database either.

We have tried different versions of phpmyadmin as well as different local ports on the tunnel to no avail. The apache access/error logs show no problems with HTTP 200 responses. We have even tried multiple browsers with no difference.

Running out of ideas to try now if anyone has any suggestions as to what could be causing this half page load.
0
Comment
Question by:VoneServs
  • 5
  • 2
8 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
Comment Utility
Not sure if this could resolve your issue, but did you enabled the inspection on ASA for HTTP protocol? To disable it on router in config mode type

no fixup protocol http 80

port 80 could be replaced by any other port that you might be using for http.

I hope that would help.

Sudeep
0
 

Author Comment

by:VoneServs
Comment Utility
Thanks for the suggestion Sudeep, but ive just checked the config of the ASA and the inspection isnt enabled, i even ran the negating command to be sure :)
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
Comment Utility
>>>>If we allow phpmyadmin to be open to the world, then it all works 100% ok.
Could you please define what does that mean? Does that mean Anywhere to Anywhere port 80 Allow?

>>>>>To secure the install, we have set the Apache Directory directive to allow from the local private ip only.
Is localhost allowed here?

Sudeep
0
 

Author Comment

by:VoneServs
Comment Utility
By open to the world i mean not restricted by ip in the apache config.

When it is restricted we use the following;

<Directory "/var/www/mysql">
  Order Deny,Allow
  Deny from all
  Allow from 10.0.0.2
</Directory>

Open in new window


With Allow from all, and therefore without the need for the ssh tunnel, anyone can access the phpmyadmin without issue. Its only when we limit using the Directory directives above that we cannot access the page from anywhere and then use the ssh tunnel to access the phpmyadmin pages.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 76

Expert Comment

by:arnold
Comment Utility
Is phpmyadmin an the same server as the MySQL instance? Do you provide the login with the user, password? I am not clear on what the issue is. I.e is your php access is such that a subsequent access points to the wrong location?
I.e. you access as http://www.yourdomain.com/phpmyadmin
But after the login, if you look at the source it tries to access the internal links as http://www.yourdomain.com:8080/path/phpmyadmin?

Do you have a reverse proxy infont of it?

8080 often suggests a tomcat setup.
0
 

Author Comment

by:VoneServs
Comment Utility
Hi arnold,

Yes, phpmyadmin is on the same server as the mysql instance.

Basically;
- without the apache deny/allow i can go to http://www.domain.com/mysqladmin/ and login fine and use all features of phpmyadmin.

- with the apache deny/allow i can no longer access phpmyadmin as above (which is expected!) and so therefore i add an ssh tunnel to the host to tunnel any local port to remote port 80. with this tunnel in place i then go to http://localhost:8080/mysqladmin/. I can login fine and use 95% of the phpmyadmin features, the only problem we have is that in this setup the SQL command page under any db/table only half loads.
0
 

Accepted Solution

by:
VoneServs earned 0 total points
Comment Utility
For any future readers i have managed to solve this with a bit of digging around.

After finding a similar issue (from 4 years ago) with trac (http://trac.edgewall.org/ticket/7089) where the issue was determined to be putty, i did my own tests, i logged the ssh conversation and could see that the entire page was received through the tunnel, but not received by the browser.

On checking putty bug list i found the following report; http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/half-closed.html This has been fixed in the latest snapshot download of putty.

Using the latest snapshot solves the issue i was having.
0
 

Author Closing Comment

by:VoneServs
Comment Utility
Doing my own research i managed to find my own solution.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now