Solved

403 Forbidden access trying to get to phpmyadmin on Centos 7

Posted on 2016-08-11
11
49 Views
Last Modified: 2016-11-15
Please help!

I am trying to setup phpmyadmin on a centos 7 server.

I have installed through yum but before i open it up for external ips i wanted to test it on the server itself but i get

"Forbidden

You don't have permission to access /phpmyadmin on this server."

Apache error log shows the following

[Thu Aug 11 16:21:33.785826 2016] [access_compat:error] [pid 43903] [client 127.0.0.1:56106] AH01797: client denied by server configuration: /usr/share/phpMyAdmin



My phpmyadmin.conf file is as follows:



# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>



thanks
0
Comment
Question by:timb551
  • 7
  • 4
11 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752571
does it work as root?

If you did not try, execute the following command to work as root:
sudo su
0
 

Author Comment

by:timb551
ID: 41752574
sorry does what work as root?
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752603
Ohs, sorry, I thought that it was trying to edit the file.

Can you try changing the order that corresponds tot he directory permission:
 Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1

 Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
0
 

Author Comment

by:timb551
ID: 41753482
Same error

403 Forbidden

You dont have permission to access /phpmyadmin on this server.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41754085
Can you make a temporal test specifying 'Allow from All'

With this test you are going to allow any connection (no matter the name, ip, or source location). But at least for completing the Host test that you specify. If it connects like that, it means that your Host server is using a source that we are not including in the file (like the server name, a fixed IP).

If it does not connect, we might be configuring the incorrect location.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:timb551
ID: 41756149
So to confirm i should change it to

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41756808
Yeah.

Doesn't it use the other Apaches?
0
 

Author Comment

by:timb551
ID: 41757979
Still get forbidden with the below conf

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>
0
 

Author Comment

by:timb551
ID: 41784349
Any more advice?
0
 

Accepted Solution

by:
timb551 earned 0 total points
ID: 41882322
All sorted.

Ended up needing the following config:

<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
      Order Deny,Allow
      Deny from All
      Allow from 1.1.1.1
      Allow from 2.2.2.2
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
      Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 

Author Closing Comment

by:timb551
ID: 41887587
I managed to sort myself
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Scripted configuration of TightVNC with Start on boot 7 53
Sendmail STARTTLS error 37 84
Coding C# in Linux 8 34
Linux VM 6 51
This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now