• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1506
  • Last Modified:

PHPMyAdmin Error 403

Hey,

I`m stucked with phpmyadmin, let me say what i can do:

I can access the login page
I can log in (as root or normal user)
I can browse on menus

The problem become when i click on check documentation, or when i try run an query, then i get:

Error 403

On my setup i`m using ISPConfig and Debian 6.
The error isnt reported on /var/log/apache2/acces.log or /var/log/apache2/error.log , so i have no idea how to fix it without info.

My /etc/apache2/conf.d/phpmyadmin.conf

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
	Options FollowSymLinks
	DirectoryIndex index.php

	<IfModule mod_php5.c>
		AddType application/x-httpd-php .php

		php_flag magic_quotes_gpc Off
		php_flag track_vars On
		php_flag register_globals Off
		php_value include_path .
	</IfModule>

</Directory>

# Authorize for setup
# <Directory /usr/share/phpmyadmin/setup>
#    <IfModule mod_authn_file.c>
#    AuthType Basic
#    AuthName "phpMyAdmin Setup"
#    AuthUserFile /etc/phpmyadmin/htpasswd.setup
#    </IfModule>
#    Require valid-user
# </Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>

<IfModule mod_rewrite.c>
   <IfModule mod_ssl.c>
      <Location /phpmyadmin>
         RewriteEngine on
         RewriteCond %{HTTPS} !^on$ [NC]
         RewriteRule . https://mymaindomain.com%{REQUEST_URI} [L]
      </Location>
   </IfModule>
</IfModule>

Open in new window


Note:

Loking on goole i found many solutions using:
Allow all directories, etc...
But i`m setting this server for production, then i cant let al access for everyone
0
Wisdown
Asked:
Wisdown
  • 5
  • 2
3 Solutions
 
TobiasCommented:
Dear,

What you could do is to allow for a special ip address or only localhost/127.0.0.1

You could try to logon from the server using http://localhost/phpmyadmin to check where's the denied issue.

Regards
0
 
WisdownAuthor Commented:
Hey Madshiva,

Thanks for the answer!!!
I tried set to my LAN IP , and dindt worked, seems links on debian dont work well on ssl (for localhost).

Other try i did include:

# Order Deny,Allow
# Deny from All
Allow from All
Require all granted

But i got same problem, trying run an query or check the documentation, the error 403 (Forbidden) pop and on apache logs there no info
0
 
TobiasCommented:
Hi !,

Two question with one that could be stupid, but do you restart the apache server after the modification ?

Do you have any htaccess file on the phpmyadmin folder?

Regards
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
WisdownAuthor Commented:
Two question with one that could be stupid, but do you restart the apache server after the modification ?

Yup i did an restart after every change:

/etc/init.d/apache2 restart

Do you have any htaccess file on the phpmyadmin folder?

I dont know, for the phpmyadmin, i have an link for somewhere, when i try:

ls -l

On /etc/apache2/conf.d/ I get this:

../../phpmyamin/apache.conf

So I have no idea where is the source of this link, but on /etc/phpmyadmin there this file:

htpasswd.setup

With this:

admin:*

But is disabled (i hope) on my config.inc.php.

On /usr/share/phpmyadmin/ there no htaccess file also.

Regards,
0
 
WisdownAuthor Commented:
After search more about ispconfig now instead phpmyadmin, i found where is the real place of apache logs for ispconfig users:

/var/log/ispconfig/httpd/domain/access.log and error.log

On log i see this:

[warn] RSA server certificate wildcard CommonName ( CN ) `*.mydomain.com' does NOT match server name!?

[warn] RSA server certificate wildcard CommonName ( CN ) `*.mydomain.com' does NOT match server name!?

[Thu Sep 13 10:33:59 2012] [error] [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\\$_(?:(?:pos|ge)t|session))\\b" at RESPONSE_BODY. [file "/etc/apache2/mod-security/modsecurity_crs_50_outbound.conf"] [line "64"] [id "970015"] [msg "PHP source code leakage"] [severity "WARNING"] [tag "LEAKAGE/SOURCE_CODE"] [hostname "mydomain.com"] [uri "/phpmyadmin/Documentation.html"] [unique_id "UFHgx8CoZAMAA98gdOUAAAAE"]

Open in new window


So this mean i will need request another certificate? The one with * (wildcard) is useless?
0
 
WisdownAuthor Commented:
I removed the filters of mod_security:

"/etc/apache2/mod-security/modsecurity_crs_50_outbound.conf"

Then everything is working again.
0
 
WisdownAuthor Commented:
The solution after found and read all logs.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now