Solved

403 Forbidden access trying to get to phpmyadmin on Centos 7

Posted on 2016-08-11
11
22 Views
Last Modified: 2016-11-15
Please help!

I am trying to setup phpmyadmin on a centos 7 server.

I have installed through yum but before i open it up for external ips i wanted to test it on the server itself but i get

"Forbidden

You don't have permission to access /phpmyadmin on this server."

Apache error log shows the following

[Thu Aug 11 16:21:33.785826 2016] [access_compat:error] [pid 43903] [client 127.0.0.1:56106] AH01797: client denied by server configuration: /usr/share/phpMyAdmin



My phpmyadmin.conf file is as follows:



# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>



thanks
0
Comment
Question by:timb551
  • 7
  • 4
11 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752571
does it work as root?

If you did not try, execute the following command to work as root:
sudo su
0
 

Author Comment

by:timb551
ID: 41752574
sorry does what work as root?
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752603
Ohs, sorry, I thought that it was trying to edit the file.

Can you try changing the order that corresponds tot he directory permission:
 Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1

 Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
0
 

Author Comment

by:timb551
ID: 41753482
Same error

403 Forbidden

You dont have permission to access /phpmyadmin on this server.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41754085
Can you make a temporal test specifying 'Allow from All'

With this test you are going to allow any connection (no matter the name, ip, or source location). But at least for completing the Host test that you specify. If it connects like that, it means that your Host server is using a source that we are not including in the file (like the server name, a fixed IP).

If it does not connect, we might be configuring the incorrect location.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 

Author Comment

by:timb551
ID: 41756149
So to confirm i should change it to

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41756808
Yeah.

Doesn't it use the other Apaches?
0
 

Author Comment

by:timb551
ID: 41757979
Still get forbidden with the below conf

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>
0
 

Author Comment

by:timb551
ID: 41784349
Any more advice?
0
 

Accepted Solution

by:
timb551 earned 0 total points
ID: 41882322
All sorted.

Ended up needing the following config:

<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
      Order Deny,Allow
      Deny from All
      Allow from 1.1.1.1
      Allow from 2.2.2.2
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
      Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 

Author Closing Comment

by:timb551
ID: 41887587
I managed to sort myself
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now