2

Here is what my phpmyadmin.conf file looks like:

#
#  Web application to manage MySQL
#

<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Allow from 192.168.0.2
  Allow from 192.168.0.219
</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

I did restart the apache service after making changes as well. I used the following commands to try to restart apache:

sudo systemctl restart httpd.service

sudo apachectl restart

The server I'm working with is running CentOS and is hosted on the same LAN and my local ip is listed under the allows. Navigating to http://serverip/phpmyadmin results in a:

Forbidden

You don't have permission to access /phpmyadmin on this server.

Message. Any ideas? I followed guides that told me to do it this way, but it just doesn't seem to want to work.

Edit: This message shows up in my httpd error_log:

AH01630: client denied by server configuration: /usr/share/phpmyadmin

But I can't find a configuration file in /usr/share/phpmyadmin.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
Duck Puncher
  • 51
  • 1
  • 1
  • 5
  • What are the permissions on the `/usr/share/phpmyadmin` directory? – 111--- Jul 09 '15 at 15:00
  • @datUser, 0755/drwxr-xr-x – Duck Puncher Jul 09 '15 at 15:04
  • @datUser, I added some additional information to the question if that helps. It's just really odd because from what I have read, these permissions should work. I also ran `chown -R nobody:nobody phpmyadmin` from the `/usr/share/` folder and that didn't help. – Duck Puncher Jul 09 '15 at 15:12
  • That is just the GET request, `/usr/share/phpmyadmin`. I would try changing the `phpmyadmin.conf` file to `Order Allow,Deny` and comment out the whitelist and add `Allow from All`. Restart apache and see if you can get in. – 111--- Jul 09 '15 at 15:13
  • @datUser, Changed the order to `Allow,Deny` and added `#` characters to the allows to comment them out. I then restarted using `systemctl restart httpd.service`. Still no luck getting in unfortunately. – Duck Puncher Jul 09 '15 at 15:17
  • Try adding the following to the config file under that directory: `Options Indexes FollowSymLinks MultiViews` right above the `Allow` statement. – 111--- Jul 09 '15 at 15:45
  • @datUser, Still no luck unfortunately. are there any error logs I can check to maybe get more information as to what is going wrong? – Duck Puncher Jul 09 '15 at 16:00

2 Answers2

3

Warning: The below (Require all granted) allows access from ANY ip.

I had to add this to my /etc/httpd/conf/httpd.conf file:

<Directory "/usr/share/phpmyadmin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

Then restart the apache service:

sudo systemctl restart httpd.service

I have also read that selinux can cause this, so you can check to see if that is causing issues by putting selinux into permissive mode:

sudo setenforce 0
getenforce

take selinux out of permissive mode:

sudo setenforce 1
getenforce

It's also a good idea to check permissions on the /usr/share/phpmyadmin directory to make sure they are set to something like 0755.

Chris Stryczynski
  • 5,178
  • 5
  • 40
  • 80
Duck Puncher
  • 51
  • 1
  • 1
  • 5
0

Right before the error message in the log it will have the client ip address.

[client 10.0.2.2:52570] AH01630: client denied by server configuration: /usr/share/phpMyAdmin

which you can then use in the rule in the conf file (this is the location for Centos 7).

sudo vi /etc/httpd/conf.d/phpMyAdmin.conf

and edit so that it looks similar to the below. The last part of the IP is replaced with a zero, and a mask "/15" to allow anyone on the subnet 10.0.2.x access.

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require ip 10.0.2.0/15
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
     Allow from 10.0.2.0/15
   </IfModule>
</Directory>
Paul Williams
  • 1