?
Solved

403 Forbidden access trying to get to phpmyadmin on Centos 7

Posted on 2016-08-11
11
Medium Priority
?
679 Views
Last Modified: 2016-11-15
Please help!

I am trying to setup phpmyadmin on a centos 7 server.

I have installed through yum but before i open it up for external ips i wanted to test it on the server itself but i get

"Forbidden

You don't have permission to access /phpmyadmin on this server."

Apache error log shows the following

[Thu Aug 11 16:21:33.785826 2016] [access_compat:error] [pid 43903] [client 127.0.0.1:56106] AH01797: client denied by server configuration: /usr/share/phpMyAdmin



My phpmyadmin.conf file is as follows:



# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>



thanks
0
Comment
Question by:timb551
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752571
does it work as root?

If you did not try, execute the following command to work as root:
sudo su
0
 

Author Comment

by:timb551
ID: 41752574
sorry does what work as root?
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41752603
Ohs, sorry, I thought that it was trying to edit the file.

Can you try changing the order that corresponds tot he directory permission:
 Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1

 Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:timb551
ID: 41753482
Same error

403 Forbidden

You dont have permission to access /phpmyadmin on this server.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41754085
Can you make a temporal test specifying 'Allow from All'

With this test you are going to allow any connection (no matter the name, ip, or source location). But at least for completing the Host test that you specify. If it connects like that, it means that your Host server is using a source that we are not including in the file (like the server name, a fixed IP).

If it does not connect, we might be configuring the incorrect location.
0
 

Author Comment

by:timb551
ID: 41756149
So to confirm i should change it to

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Allow from All
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41756808
Yeah.

Doesn't it use the other Apaches?
0
 

Author Comment

by:timb551
ID: 41757979
Still get forbidden with the below conf

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from All
   </IfModule>
</Directory>
0
 

Author Comment

by:timb551
ID: 41784349
Any more advice?
0
 

Accepted Solution

by:
timb551 earned 0 total points
ID: 41882322
All sorted.

Ended up needing the following config:

<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
      Order Deny,Allow
      Deny from All
      Allow from 1.1.1.1
      Allow from 2.2.2.2
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
      Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
0
 

Author Closing Comment

by:timb551
ID: 41887587
I managed to sort myself
0

Featured Post

CHALLENGE LAB: Troubleshooting Connectivity Issues

Goal: Fix the connectivity issue in the lab's AWS environment so that you can SSH into the provided EC2 instance.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month11 days, 6 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question