Thursday, January 24, 2013

phpMyAdmin forbidden CentOS 6.3

After yum install and restart httpd. When you start phpmyadmin with browser. it's 403 error forbidden
so Fix it
#vi /etc/httpd/conf.d/phpMyAdmin.conf

and you change in word  Allow from 127.0.0.1 to Allow from All
.. 
<IfModule !mod_authz_core.c>    
# Apache 2.2     
Order Deny,Allow     
Deny from All     
#Allow from 127.0.0.1     
  Allow from All   
  Allow from ::1   
</IfModule>
..

and restart httpd again

from Comment
Allow from address    (Private IP server)

.. 
<IfModule !mod_authz_core.c>    
# Apache 2.2     
Order Deny,Allow     
Deny from All     
#Allow from 127.0.0.1     
  Allow from 192.168.100.xx
  Allow from 192.168.100.0/24   
  Allow from ::1   
</IfModule>
..


CentOS 7
#vi /etc/httpd/conf.d/phpMyAdmin.conf

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
 
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
 
<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
 

4 comments:

  1. Awesome, thanks! One thing, though. You forgot the "/" before the "etc" so the actual command would be:

    vi /etc/httpd/conf.d/phpMyAdmin.conf

    Otherwise you're you're creating a new file in a new directory.

    ReplyDelete
  2. Oh! Sorry man. Thank for comment to wrong word

    ReplyDelete
  3. You're defeating the purpose of the security configuration there using 'Allow from All' You can put a couple addresses there with a space delimited list like this:

    Require ip 127.0.0.1 192.168.1.100 # allow 192.168.1.100 too

    Require ip 127.0.0.1 192.168.1.0/24 # Allows 192.168.1.1 through ...254


    In this way you restrict access from EVERYWHERE to just the hosts you want to allow access.

    ReplyDelete
  4. Thank Jeff Albrecht. So good security hardening

    ReplyDelete

VirtualHost HTTP redirect to HTTPS

<VirtualHost *:80>     ServerName www.example.com     Redirect / https://www.example.com/ </VirtualHost> <VirtualHos...