PhpMyAdmin error: 403 forbidden

Question

I had phpmyadmin installed but when i was on the site : ip/phpmyadmin i tried to logon, but i couldent, it would not redirect me so I removed it and reinstalled.

From then on I cant even connected to the site. In the /etc/httpd/phpMyAdmin.conf file I have added my ips four times like so...

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
      Allow from 127.0.0.1
     Allow from ::1
    </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

When I restart apache, # service httpd restart, and then go onto the site it still says

Forbidden

You don't have permission to access /phpMyAdmin/ on this server.

Apache/2.2.15 (CentOS) Server at 6gem.pw Port 80

I cant find any fixes, please help.

Answer 1

Apache 2.4 - fix

If you have mod_evasive enabled on your server, check that the configuration contains your external IP address.

Modify the file /etc/apache2/mods-available/evasive.conf and edit the 'DOSWhitelist' line to match the following DOSWhitelist {internalIP}/23 {externalIP}

Answer 2

Require local

to

Require all granted

then restart the xampp services.

Answer 3

Did you perform the following as well? This helped me:

    mkdir /usr/share/phpMyAdmin/tmp

    chmod 777 /usr/share/phpMyAdmin/tmp

    chown -R apache:apache /usr/share/phpMyAdmin
    
    yum install -y policycoreutils-python-utils
    
    semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/phpMyAdmin/'
    
    semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/phpMyAdmin/tmp(/.*)?'
    
    restorecon -Rv '/usr/share/phpMyAdmin/'

Then restart apache service: systemctl restart httpd

Answer 4

On my server it was security2_module blocking requests after a sql query was posted.

Setting SecRuleEngine Off for the phpmyadmin folder did the trick for me:

<Directory /usr/share/phpMyAdmin/>
    ...

    <IfModule security2_module>
        SecRuleEngine Off
    </IfModule>
    ...
</Directory>

Answer 5

I had the same problem and sharing the correct solution here:

To allow connections from All ips in phpMyAdmin directory settings you should change the code like this:

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require all granted   # Add This to skip other requirements
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Allow,Deny  # change order to first apply allows, then deny
     Allow from All    # change this from deny to allow from all
     Allow from 127.0.0.1
     Allow from ::1
     Deny from 47.23.165.43  # Bad IPs which should be blocked
   </IfModule>
</Directory>

but if you want to be able to deny some ips and accpet all other ips for apache 2.4 change # Apache 2.4 <RequireAny> part as this:

 # Apache 2.4
 <RequireAll> # change requirement to check all parameters
   Require all granted          # Add This to allow all requests
   Require not ip 47.23.165.43  # Bad IPs which should be blocked
   Require not ip 43.80         # Bad IPs which should be blocked
   Require not ip other.bad.ips # Bad IPs which should be blocked
 </RequireAll>

Answer 6

This works for me under CentOS 7.

Assuming you have installed phpmyadmin with yum.

First, check in the localhost by loading http://localhost/phpmyadmin in your browser. If you get the forbidden message, probably is because php is not installed. In my case, I remove phpmyadmin installation, install php and install phpmyadmin again: (as root) yum remove phpmyadmin yum install php yum install phpmyadmin service httpd restart

These steps fixed the problem in the local machine.

Now, edit /etc/httpd/conf.d/phpMyAdmin.conf if you want to add permissions for another machine (i.e. 192.168.1.10). By default, it allows access only for localhost.

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require ip 192.168.1.11
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

Restart httpd service: service httpd restart

Answer 7

Edit your phpMyAdmin configuration file:

vim /etc/httpd/conf.d/phpMyAdmin.conf

Then change all "Deny from All" to "Deny from None" and "Allow form None" to "Allow from All". That should work :)