I just installed phpMyAdmin on my Virtual Private Server, but I can't access it from my browser to set it up.
I verified that the folder permissions on /phpmyadmin are the same as my public_html folder.
When I go to url (http://www.testsite.com/phpmyadmin) I get a 403 error
"You don't have permission to access /phpmyadmin on this server. Apache/2.2.15 (CentOS) Server at www.testsite.com Port 80"
I then go to my /var/log/httpd/error.log and see an entry for the denied access (note I partially replaced my IP address with x's)
[Thu Oct 29 19:12:46 2015] [error] [client xx.xxx.68.18] client denied by server configuration: /usr/share/phpMyAdmin
I then edit /etc/httpd/conf.d/phpMyAdmin.conf which has the following lines
<Directory /usr/share/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</Directory>
In each section of code listed above, I add just below Allow from ::1
Allow from xx.xxx.68.18
I'm still getting the same 403 error. I would appreciate some insights and direction to fix this issue. Thanks
If you have installed phpMyAdmin in your linux server (centos/RHEL/debian), and tried to access phpMyAdmin in most cases you will get this 403 forbidden error. I have seen this issue very often if you are installing phpmyadmin using yum or by apt-get. By default phpmyadmin installed path is /usr/share/phpmyadmin and the apache configuration file is located in /etc/httpd/conf.d/phpmyadmin.conf.
Forbidden
You don't have permission to access /phpmyadmin/ on this server.
To fix:
nano /etc/httpd/conf.d/phpmyadmin.conf
Remove or comment the first two lines in below.
#Order Allow,Deny
#Deny from all
Allow from 127.0.0.1
Restart the apache server.
service httpd restart
I was running into the same issue with a new install of Fedora 25, Apache, MariaDB and PHP.
The router is on 192.168.1.1 and the Fedora 25 server is sitting at 192.168.1.100 which is a staic address handed out by the router. The laptop was getting a random ip in the range of 192.168.1.101 to 150.
The change I made to the /etc/httpd/conf.d/phpMyAdmin.conf was instances of
Require ip 127.0.0.1
to
Require ip 127.0.0.1 192.168.1.1/24
This worked for me. The idea came from the process of inserting the ip address of the laptop into the .conf file behind the reference to 127.0.0.1 and I was able to get access.
So instead of doing the more secure thing of handing out a static ip address to the laptop I let the phpMyAdmin.conf file open to a range of ip address on the local subnet, if that is the right terminology.
If there are drawbacks to doing this let me know so that I can make the appropriate changes.
Related
I have seen many answers on this with what would appear to be simple solutions, none of which are working for me at this time.
I have WAMP install with Apache 2.4.33 32bit installed on a PC. I can access the site on that PC without a problem using the alias mySite.local.
The PC's host file looks like this
127.0.0.1 mySite.local
The remote lap top's host file is
192.168.1.114 mySite.local
That is the IP of the PC on the network.
httpd.conf
Listen 80
ServerName mySite.local:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "H:/Intranet/mySite_v2_www/public"
httpd-vhosts.conf
<VirtualHost *:80>
ServerName mySite.local
DocumentRoot "H:/Intranet/mySite_v2_www/public"
</VirtualHost>
I have tried disabling the windows firewall and virus checker on the PC.
The laptop appears to be getting there but being blocked. The message is..
Forbidden
You don't have permission to access / on this server.
Apache/2.4.33 (Win32) PHP/7.2.4 Server at mySite.local Port 80
So it looks like it can see Apache but is being blocked. So what else needs to be set to get access to the server?
Here are two of the links that I have been following to try and get this to work
Error message "Forbidden You don't have permission to access / on this server"
and
How do I connect to this localhost from another computer on the same network?
Thanks for any direction you can provide.
To complement the answer of Paul Neale:
Forbidden You don't have permission to access / on this server. Apache/2.4.33 (Win32) PHP/7.2.4 Server at mySite.local Port 80
That message is an answer from Apache. Disabling the windows firewall and virus checker on the PC won't have any effect, you are already reaching Apache there is not any networking problem.
Apache is receiving your request to access the root folder "public":
H:/Intranet/mySite_v2_www/public
But denies the request because, the directive Require local is enabled. This directive means, you can access to the content of public from the local server (localhost), which is the same to say 127.0.0.0 or localhost.
What you wanted is to tell apache that allows the access of certain IP address to the root directory "public".
When you changed the directive to Require all granted you are telling apache that, no matter who asks, give it access to / (root folder) in other words "public".
So, what you was searching for is "Access Control" in apache, and the directive Require can be used with IP address, here's the main document from Apache, this is an example:
Require host address
Require ip ip.address
It's important to differentiate between Network//Permissions problems. If you want to know if you are able to communicate (At network level) with Apache, you could do:
telnet <IP_APACHE_SERVER> <PORT_APACHE_SERVER>
#example: telnet 172.10.10.2 80
So after playing around will combinations for a day I found that in the httpd.conf I needed to change Require local to Require all granted in the section.
<Directory "H:/Intranet/mySite_v2_www/public/">
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride all
# onlineoffline tag - don't remove
# Require local
Require all granted
</Directory>
I have a very simple .htaccess file:
<RequireAll>
Require all granted
# require localhost
Require ip 127.0.0.1
</RequireAll>
and it works... sometimes!
Sometimes, it will throw me a 403, and the error.log explains:
[client ::1:65443] AH01630: client denied by server configuration
Why won't it match that local client to the Require ip 127.0.0.1 rule?
As it turns out, Apache 2.4's Require matches the IP exactly. If you have multiple IP addresses aliasing localhost, you need to list all of them (or use a special alias, if one exists, as explained below).
In this particular case, the error.log entry reveals it all: The client connected through the IPv6 interface (ip == ::1). That needs to be white-listed as well:
<RequireAll>
Require all granted
# require localhost
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</RequireAll>
Any suggestions as to whether there is a simpler/safer method to get this done, are very welcome!
Update
As Helge Klein suggests, Require local is a more concise alternative:
<RequireAll>
Require all granted
# require localhost
Require local
</RequireAll>
Require ip 127.0.0.1
Require ip ::1
The Require all granted is the equivalent to:
Order allow,deny
Allow from all
from earlier Apache versions, which open the site to everyone. If your intention is to block the site to everyone, except certain IPs, you should start with a:
Require all denied
You can find more info here: Upgrading to 2.4 from 2.2
I don't use .htaccess since I have Apache installed on my workstation, and have full access to the http.conf file. But for a site like phpmyadmin where I want to limit where people log from, I have this:
Require all denied
Require ip 127.0.0.1
First line denies access to everyone, including my own workstation.
Second line adds my workstation localhost ip to the list of only allowed connections.
No RequireAll or RequireAny tags. Again in .htaccess those tags may be needed.
I am trying to open my host address using my host name, but I am getting following error:
You can see the host URL above.
Can someone help me to resolve this issue?
As the error states you cannot access it outside you local network. In another words - your apache xampp is configured to accept calls only from 127.0.0.1 or localhost. For xampp this is defined in location match directive for apache look at the following topic, it covers the most common cases. Note however that this might be security issue.
http://www.apachefriends.org/f/viewtopic.php?p=185823
This will provide you more info on how allow and deny can be configured
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
Something like this should be in your httpd-xampp.conf
<LocationMatch "^/(?i:(?:xampp|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 **your.local.ip.address**
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>
I have a lan network with 2 computer and installed wamp on computer 1.
now I want to access to whole of phpmyadmin on computer 1 from computer 2 and make changes.
from users tab in root of phpmyadmin page I created a user.
I filled username field with 'root' and host field with my computer 2 IP address and left password field with "no password" and checked all Global privileges for my user.
now I connect to wamp on computer 1 from computer 2 and click on phpmyadmin link.
but It give me this error:
FORBIDDEN
you don't have permission to access /phpmyadmin/ on this server
what I must do now for solving this problem?
change below line in C:\xampp\apache\conf\extra\httpd-xampp.conf, you can directly open this file by
<Directory "C:/xampp/phpMyAdmin">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
That error message has more to do with Apache blocking access, than with phpMyAdmin, or the MySQL user account created.
Your issue is with Apache's configuration, or more specifically your WAMP's configuration of the /phpmyadmin URL.
Find the configuration file where the \phpmyadmin URL Alias is set up. It possibly will have these lines in it -
<Location /phpmyadmin>
order deny,allow
deny from all
allow from 127.0.0.1
</Location>
Add another allow from IP.Address line in it to match the IP.Address of your other LAN system. Restart Apache.
If phpMyAdmin is not set up via an Alias (it is under WampDeveloper, not sure about other WAMPs like Xampp or WampServer), but is rather just a dump of its files in a DocumentRoot (website's webroot) sub-folder, check the .htaccess file there.
I filled username field with 'root' and host field with my computer 2 IP address and left password field with "no password" and checked all Global privileges for my user.
In this case, the host field will always be in relation to the location of MySQL, not to the system phpMyAdmin is being accessed from... If you are accessing MySQL via phpMyAdmin, the host field should always be - localhost. As phpMyAdmin is on the same system MySQL is. The only time you'd use another domain-name, host-name, or IP for host: is when you are accessing MySQL directly from another system. By directly I mean, not via a script or URL, but via some type of a client (which is almost always a binary/executable).
go to PHPMYADMIN.conf or search on it from wamp or wamp64
adjust on it as the following:
change
Require local
to be
Require all granted
And add your another client IP address after this line
Allow from localhost ::1 127.0.0.1
add this
Allow from CLIENTIPADDRESS
Restart Wamp or Wamp64
go to C:\wamp\alias\phpmyAdmin.conf
open phpmyadmin.conf in notepad
overwrite the below given code in it
<Directory "c:/wamp/apps/phpmyadmin3.3.9/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Allow,Deny
Allow from all
</Directory>
change here is allow from all only..
First just check you have installed php, mysql and apache correctly.
Now if are you able to access phpmyadmin from your local host then above things are installed correctly. If you want to access phpmyadmin from another host, make the entry of 2nd host in following config file
/etc/httpd/config.d/phpmyadmin.conf
<Location /phpmyadmin>
order deny,allow
deny from all
allow from 127.0.0.1 <2nd host IP address>
</Location>
Then save you httpd settings and stop
service httpd restart
And now you are able to access phpmyadmin from another host
Everything is setup correctly, but I'm getting "403..... Forbidden You don't have permission to access / on this server." error's when I access my IP address or my TLD. Any help?
In your VirtualHost, make sure that you have access permissions set in the Directory block...
order allow,deny
allow from all
Check your DocumentRoot folder for an .htaccess file, it can override the above.
Aside from that, you can also get this error when your VirtualHost does not contain the proper ServerName or ServerAlias and the request ends up falling into the default httpd.conf setup.
Also consider trying out another WAMP package.
xampp (free) -
WampDeveloper Pro (commercial) -
WampServer (free)
You are probably making requests from ::1, which is IP6 127.0.0.1.
So just update your <Directory "c:/wamp/www/"> section at C:\wamp\bin\apache\ApacheX.X.X\conf\httpd.conf sections to:
Order Deny, Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Remember to also do it in all conf files of C:\wamp\alias
This way you preserve the apache security.