Share

Question

I get forbidden, and it says I do not have permission... I have changed my config file so many times just to see if I could get permission... currently I just have one require and allow per each section of the file rather than two like you usually start out with, for a total of 2 of each. one within the setup part, and another within the main part. All of the requires/allows have my ip.. Which seemed to not make a difference at all...

Answer 1

jschwenn February 23, 2016

Hey there,

Have you configured SELinux? You can check the status of SELinux with this:

getenforce

You can try this to temporarily disable SELinux:

setenforce 0

To persistently disable or enable SELinux, you would edit the /etc/selinux/config file. You can also view the /var/log/audit/audit.log file to see the error and context that is causing phpmyadmin to not work, which would make it easier to apply a context to the phpmyadmin folder so you can keep SELinux enabled.

Happy coding,

Jon Schwenn
Platform Support Specialist
DigitalOcean

Reply

mscott1 February 23, 2016

i just saw that command, i tried it, and all i got was a message saying enforcing
- jschwenn February 23, 2016
  
  Enforcing means that SELinux is enabled. You temporarily can disable it with the setenforce 0 command. It will be reenabled after a reboot, so if you wish to permanently disable SELinux, you would do so by switching the setting in /etc/selinux/config from SELINUX=enforcing to SELINUX=disabled
  
  mscott1 February 23, 2016
  
  i have no idea what the use of selinux (besides security measures)is, because nothing changed on my ip address for the site.
  
  jschwenn February 23, 2016
  
  SELinux is used for extra security and it does a good job of it. However, it can make things very hard to troubleshoot. Unless you've applied the proper context so that your web server can touch those phpmyadmin files, it's not going to work.
  
  My suggestion is to at least try to disable SELinux, just to help rule that out.

mscott1 February 23, 2016

also
my code for that file is this

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /nothingtosee /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>

       Require ip 127.0.0.1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All

     Allow from 127.0.0.1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>

       Require ip 127.0.0.1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All

     Allow from 127.0.0.1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

jschwenn February 23, 2016

There may be more to do within phpmyadmin, it sounds like you've tried just about everything so it's hard to say what its current condition is. It sounds like SELinux is the main culprit, with SELinux disabled you should be able to get it to work with re-trying your various configurations.
- mscott1 February 23, 2016
  
  selinux was disabled in the first place. i believe. And I have been at this screen for about 3 hours or more trying to solve this.
  
  mscott1 February 23, 2016
  
  and on a side note, ignore the ip's in the code, because i simply reverted them off of my ip address

Answer 2

mscott1 February 23, 2016

i just saw that command, i tried it, and all i got was a message saying enforcing
- jschwenn February 23, 2016
  
  Enforcing means that SELinux is enabled. You temporarily can disable it with the setenforce 0 command. It will be reenabled after a reboot, so if you wish to permanently disable SELinux, you would do so by switching the setting in /etc/selinux/config from SELINUX=enforcing to SELINUX=disabled
  
  mscott1 February 23, 2016
  
  i have no idea what the use of selinux (besides security measures)is, because nothing changed on my ip address for the site.
  
  jschwenn February 23, 2016
  
  SELinux is used for extra security and it does a good job of it. However, it can make things very hard to troubleshoot. Unless you've applied the proper context so that your web server can touch those phpmyadmin files, it's not going to work.
  
  My suggestion is to at least try to disable SELinux, just to help rule that out.

mscott1 February 23, 2016

also
my code for that file is this

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /nothingtosee /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>

       Require ip 127.0.0.1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All

     Allow from 127.0.0.1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>

       Require ip 127.0.0.1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All

     Allow from 127.0.0.1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

jschwenn February 23, 2016

There may be more to do within phpmyadmin, it sounds like you've tried just about everything so it's hard to say what its current condition is. It sounds like SELinux is the main culprit, with SELinux disabled you should be able to get it to work with re-trying your various configurations.
- mscott1 February 23, 2016
  
  selinux was disabled in the first place. i believe. And I have been at this screen for about 3 hours or more trying to solve this.
  
  mscott1 February 23, 2016
  
  and on a side note, ignore the ip's in the code, because i simply reverted them off of my ip address

Using fedora, but I cannot get passed the permission to access phpmyadmin

Leave a Comment

Share

Share your Question

Using fedora, but I cannot get passed the permission to access phpmyadmin

Leave a Comment

Related Questions

Almost there!