[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

PHPMyAdmin Error 403

Posted on 2012-09-13
7
Medium Priority
?
1,489 Views
Last Modified: 2012-09-19
Hey,

I`m stucked with phpmyadmin, let me say what i can do:

I can access the login page
I can log in (as root or normal user)
I can browse on menus

The problem become when i click on check documentation, or when i try run an query, then i get:

Error 403

On my setup i`m using ISPConfig and Debian 6.
The error isnt reported on /var/log/apache2/acces.log or /var/log/apache2/error.log , so i have no idea how to fix it without info.

My /etc/apache2/conf.d/phpmyadmin.conf

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
	Options FollowSymLinks
	DirectoryIndex index.php

	<IfModule mod_php5.c>
		AddType application/x-httpd-php .php

		php_flag magic_quotes_gpc Off
		php_flag track_vars On
		php_flag register_globals Off
		php_value include_path .
	</IfModule>

</Directory>

# Authorize for setup
# <Directory /usr/share/phpmyadmin/setup>
#    <IfModule mod_authn_file.c>
#    AuthType Basic
#    AuthName "phpMyAdmin Setup"
#    AuthUserFile /etc/phpmyadmin/htpasswd.setup
#    </IfModule>
#    Require valid-user
# </Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>

<IfModule mod_rewrite.c>
   <IfModule mod_ssl.c>
      <Location /phpmyadmin>
         RewriteEngine on
         RewriteCond %{HTTPS} !^on$ [NC]
         RewriteRule . https://mymaindomain.com%{REQUEST_URI} [L]
      </Location>
   </IfModule>
</IfModule>

Open in new window


Note:

Loking on goole i found many solutions using:
Allow all directories, etc...
But i`m setting this server for production, then i cant let al access for everyone
0
Comment
Question by:Wisdown
  • 5
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 800 total points
ID: 38394065
Dear,

What you could do is to allow for a special ip address or only localhost/127.0.0.1

You could try to logon from the server using http://localhost/phpmyadmin to check where's the denied issue.

Regards
0
 
LVL 1

Author Comment

by:Wisdown
ID: 38394668
Hey Madshiva,

Thanks for the answer!!!
I tried set to my LAN IP , and dindt worked, seems links on debian dont work well on ssl (for localhost).

Other try i did include:

# Order Deny,Allow
# Deny from All
Allow from All
Require all granted

But i got same problem, trying run an query or check the documentation, the error 403 (Forbidden) pop and on apache logs there no info
0
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 800 total points
ID: 38394714
Hi !,

Two question with one that could be stupid, but do you restart the apache server after the modification ?

Do you have any htaccess file on the phpmyadmin folder?

Regards
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:Wisdown
ID: 38394797
Two question with one that could be stupid, but do you restart the apache server after the modification ?

Yup i did an restart after every change:

/etc/init.d/apache2 restart

Do you have any htaccess file on the phpmyadmin folder?

I dont know, for the phpmyadmin, i have an link for somewhere, when i try:

ls -l

On /etc/apache2/conf.d/ I get this:

../../phpmyamin/apache.conf

So I have no idea where is the source of this link, but on /etc/phpmyadmin there this file:

htpasswd.setup

With this:

admin:*

But is disabled (i hope) on my config.inc.php.

On /usr/share/phpmyadmin/ there no htaccess file also.

Regards,
0
 
LVL 1

Author Comment

by:Wisdown
ID: 38395240
After search more about ispconfig now instead phpmyadmin, i found where is the real place of apache logs for ispconfig users:

/var/log/ispconfig/httpd/domain/access.log and error.log

On log i see this:

[warn] RSA server certificate wildcard CommonName ( CN ) `*.mydomain.com' does NOT match server name!?

[warn] RSA server certificate wildcard CommonName ( CN ) `*.mydomain.com' does NOT match server name!?

[Thu Sep 13 10:33:59 2012] [error] [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 4). Pattern match "(?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\\$_(?:(?:pos|ge)t|session))\\b" at RESPONSE_BODY. [file "/etc/apache2/mod-security/modsecurity_crs_50_outbound.conf"] [line "64"] [id "970015"] [msg "PHP source code leakage"] [severity "WARNING"] [tag "LEAKAGE/SOURCE_CODE"] [hostname "mydomain.com"] [uri "/phpmyadmin/Documentation.html"] [unique_id "UFHgx8CoZAMAA98gdOUAAAAE"]

Open in new window


So this mean i will need request another certificate? The one with * (wildcard) is useless?
0
 
LVL 1

Accepted Solution

by:
Wisdown earned 0 total points
ID: 38399221
I removed the filters of mod_security:

"/etc/apache2/mod-security/modsecurity_crs_50_outbound.conf"

Then everything is working again.
0
 
LVL 1

Author Closing Comment

by:Wisdown
ID: 38412900
The solution after found and read all logs.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By, Vadim Tkachenko. In this article we’ll look at ClickHouse on its one year anniversary.
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month19 days, 13 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question