phpMyAdmin forbidden CentOS 6.3

on
After yum install and restart httpd. When you start phpmyadmin with browser. it's 403 error forbidden
so Fix it
#vi /etc/httpd/conf.d/phpMyAdmin.conf

and you change in word  Allow from 127.0.0.1 to Allow from All
.. 
<IfModule !mod_authz_core.c>    
# Apache 2.2     
Order Deny,Allow     
Deny from All     
#Allow from 127.0.0.1     
  Allow from All   
  Allow from ::1   
</IfModule>
..

and restart httpd again

from Comment
Allow from address    (Private IP server)

.. 
<IfModule !mod_authz_core.c>    
# Apache 2.2     
Order Deny,Allow     
Deny from All     
#Allow from 127.0.0.1     
  Allow from 192.168.100.xx
  Allow from 192.168.100.0/24   
  Allow from ::1   
</IfModule>
..


CentOS 7
#vi /etc/httpd/conf.d/phpMyAdmin.conf

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
 
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
 
<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
 

Comments

  1. J.R.C. DyerJuly 31, 2013 at 12:28 AM

    Awesome, thanks! One thing, though. You forgot the "/" before the "etc" so the actual command would be:

    vi /etc/httpd/conf.d/phpMyAdmin.conf

    Otherwise you're you're creating a new file in a new directory.

    ReplyDelete
  2. BUGTUAugust 3, 2013 at 11:44 PM

    Oh! Sorry man. Thank for comment to wrong word

    ReplyDelete
  3. UnknownAugust 4, 2013 at 6:21 AM

    You're defeating the purpose of the security configuration there using 'Allow from All' You can put a couple addresses there with a space delimited list like this:

    Require ip 127.0.0.1 192.168.1.100 # allow 192.168.1.100 too

    Require ip 127.0.0.1 192.168.1.0/24 # Allows 192.168.1.1 through ...254


    In this way you restrict access from EVERYWHERE to just the hosts you want to allow access.

    ReplyDelete
  4. BUGTUAugust 4, 2013 at 6:47 PM

    Thank Jeff Albrecht. So good security hardening

    ReplyDelete

Post a Comment