Solved

403 Forbidden access trying to get to phpmyadmin on Centos 7

Posted on 2016-08-11
11
139 Views
Last Modified: 2016-11-15
Please help!

I am trying to setup phpmyadmin on a centos 7 server.

I have installed through yum but before i open it up for external ips i wanted to test it on the server itself but i get

"Forbidden

You don't have permission to access /phpmyadmin on this server."

Apache error log shows the following

[Thu Aug 11 16:21:33.785826 2016] [access_compat:error] [pid 43903] [client 127.0.0.1:56106] AH01797: client denied by server configuration: /usr/share/phpMyAdmin



My phpmyadmin.conf file is as follows:



# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>



thanks
0
Comment
Question by:timb551
  • 7
  • 4
11 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752571
does it work as root?

If you did not try, execute the following command to work as root:
sudo su
0
 

Author Comment

by:timb551
ID: 41752574
sorry does what work as root?
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752603
Ohs, sorry, I thought that it was trying to edit the file.

Can you try changing the order that corresponds tot he directory permission:
 Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1

 Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:timb551
ID: 41753482
Same error

403 Forbidden

You dont have permission to access /phpmyadmin on this server.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41754085
Can you make a temporal test specifying 'Allow from All'

With this test you are going to allow any connection (no matter the name, ip, or source location). But at least for completing the Host test that you specify. If it connects like that, it means that your Host server is using a source that we are not including in the file (like the server name, a fixed IP).

If it does not connect, we might be configuring the incorrect location.
0
 

Author Comment

by:timb551
ID: 41756149
So to confirm i should change it to

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41756808
Yeah.

Doesn't it use the other Apaches?
0
 

Author Comment

by:timb551
ID: 41757979
Still get forbidden with the below conf

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>
0
 

Author Comment

by:timb551
ID: 41784349
Any more advice?
0
 

Accepted Solution

by:
timb551 earned 0 total points
ID: 41882322
All sorted.

Ended up needing the following config:

<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
      Order Deny,Allow
      Deny from All
      Allow from 1.1.1.1
      Allow from 2.2.2.2
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
      Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 

Author Closing Comment

by:timb551
ID: 41887587
I managed to sort myself
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question