mscott1
By:
mscott1

Using fedora, but I cannot get passed the permission to access phpmyadmin

February 23, 2016 1.1k views
PHP Debian

I get forbidden, and it says I do not have permission... I have changed my config file so many times just to see if I could get permission... currently I just have one require and allow per each section of the file rather than two like you usually start out with, for a total of 2 of each. one within the setup part, and another within the main part. All of the requires/allows have my ip.. Which seemed to not make a difference at all...

1 Answer

Hey there,

Have you configured SELinux? You can check the status of SELinux with this:

  • getenforce

You can try this to temporarily disable SELinux:

  • setenforce 0

To persistently disable or enable SELinux, you would edit the /etc/selinux/config file. You can also view the /var/log/audit/audit.log file to see the error and context that is causing phpmyadmin to not work, which would make it easier to apply a context to the phpmyadmin folder so you can keep SELinux enabled.

Happy coding,

Jon Schwenn
Platform Support Specialist
DigitalOcean

  • i just saw that command, i tried it, and all i got was a message saying enforcing

    • Enforcing means that SELinux is enabled. You temporarily can disable it with the setenforce 0 command. It will be reenabled after a reboot, so if you wish to permanently disable SELinux, you would do so by switching the setting in /etc/selinux/config from SELINUX=enforcing to SELINUX=disabled

      • i have no idea what the use of selinux (besides security measures)is, because nothing changed on my ip address for the site.

        • SELinux is used for extra security and it does a good job of it. However, it can make things very hard to troubleshoot. Unless you've applied the proper context so that your web server can touch those phpmyadmin files, it's not going to work.

          My suggestion is to at least try to disable SELinux, just to help rule that out.

  • also
    my code for that file is this

    # phpMyAdmin - Web based MySQL browser written in php
    # 
    # Allows only localhost by default
    #
    # But allowing phpMyAdmin to anyone other than localhost should be considered
    # dangerous unless properly secured by SSL
    
    #Alias /phpMyAdmin /usr/share/phpMyAdmin
    #Alias /phpmyadmin /usr/share/phpMyAdmin
    Alias /nothingtosee /usr/share/phpMyAdmin
    <Directory /usr/share/phpMyAdmin/>
       AddDefaultCharset UTF-8
    
       <IfModule mod_authz_core.c>
         # Apache 2.4
         <RequireAny>
    
           Require ip 127.0.0.1
         </RequireAny>
       </IfModule>
       <IfModule !mod_authz_core.c>
         # Apache 2.2
         Order Deny,Allow
         Deny from All
    
         Allow from 127.0.0.1
       </IfModule>
    </Directory>
    
    <Directory /usr/share/phpMyAdmin/setup/>
       <IfModule mod_authz_core.c>
         # Apache 2.4
         <RequireAny>
    
           Require ip 127.0.0.1
         </RequireAny>
       </IfModule>
       <IfModule !mod_authz_core.c>
         # Apache 2.2
         Order Deny,Allow
         Deny from All
    
         Allow from 127.0.0.1
       </IfModule>
    </Directory>
    
    # These directories do not require access over HTTP - taken from the original
    # phpMyAdmin upstream tarball
    #
    <Directory /usr/share/phpMyAdmin/libraries/>
        Order Deny,Allow
        Deny from All
        Allow from None
    </Directory>
    
    <Directory /usr/share/phpMyAdmin/setup/lib/>
        Order Deny,Allow
        Deny from All
        Allow from None
    </Directory>
    
    <Directory /usr/share/phpMyAdmin/setup/frames/>
        Order Deny,Allow
        Deny from All
        Allow from None
    </Directory>
    
    # This configuration prevents mod_security at phpMyAdmin directories from
    # filtering SQL etc.  This may break your mod_security implementation.
    #
    #<IfModule mod_security.c>
    #    <Directory /usr/share/phpMyAdmin/>
    #        SecRuleInheritance Off
    #    </Directory>
    #</IfModule>
    
    
    • There may be more to do within phpmyadmin, it sounds like you've tried just about everything so it's hard to say what its current condition is. It sounds like SELinux is the main culprit, with SELinux disabled you should be able to get it to work with re-trying your various configurations.

      • selinux was disabled in the first place. i believe. And I have been at this screen for about 3 hours or more trying to solve this.

        • and on a side note, ignore the ip's in the code, because i simply reverted them off of my ip address

Have another answer? Share your knowledge.