phpmyadmin 403 error

J

jonfr

I have having issues getting phpmyadmin up and running. I have done everything according to the FAQ issued when installing phpmyadmin. But it still does not work. I have been searching the forum for a solution. But I have not found one yet.

The current phpmyadmin apache24 setting in httpd.conf:
Code: 
Alias /phpmyadmin "/usr/local/www/phpMyAdmin/"
 
    <Directory "/usr/local/www/phpMyAdmin/">
        Options none
        AllowOverride Limit

        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1 .192.168.1.*
    </Directory>

Here are the file permission on the folder and files.

Code: 
ls -l
total 8
drwxr-xr-x  6 root  wheel   512 Apr 12 19:20 apache24
drwxr-xr-x  8 root  wheel  3072 Apr 13 00:15 phpMyAdmin

They are set by the system. If they are wrong. I do not know why that is. But the default testing HTML file works without issue and does not give a '403 forbidden' error. Other settings are currently default. If there is anything in httpd.conf or some other configuration file that I am missing. It would be nice to know what it is so I can fix it.

I am moving this server from Gentoo Linux. So this needs a bit different working.

The version of FreeBSD that I am using is this one.

Code: 
uname -a
FreeBSD Mark-666 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243826: Tue Dec  4 06:55:39 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

Thanks for the help.
 
Here is part of the log from httpd-error.log.

Code: 
[Sat Apr 13 20:46:07.991887 2013] [core] [pid 11499] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
[Sat Apr 13 20:46:12.571416 2013] [authz_core] [pid 11500] [client 192.168.1.25:59944] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:15.232079 2013] [authz_core] [pid 11500] [client 192.168.1.25:59944] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:18.587050 2013] [authz_core] [pid 11500] [client 192.168.1.25:59944] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:18.837177 2013] [authz_core] [pid 11500] [client 192.168.1.25:59944] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:18.887645 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:18.920230 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:19.107792 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:19.363246 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:19.564748 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/
[Sat Apr 13 20:46:19.675549 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/

Here is the output from the httpd-access.log.

Code: 
192.168.1.25 - - [13/Apr/2013:20:36:43 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:36:43 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:38:27 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:38:27 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:38:53 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:38:53 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:44:13 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:44:13 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:46:12 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:46:12 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:46:15 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:46:15 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:46:18 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:46:18 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:46:18 +0000] "GET /phpmyadmin HTTP/1.1" 403 212
192.168.1.25 - - [13/Apr/2013:20:46:18 +0000] "GET /favicon.ico HTTP/1.1" 404 209
192.168.1.25 - - [13/Apr/2013:20:46:18 +0000] "GET /phpmyadmin HTTP/1.1" 403 212

This is clearly some configuration that I have missed. I am not sure where to set the '-D PHP' options for apache in FreeBSD. If that is the case in FreeBSD to start with. Since I am still learning the layout of the configuration files. I did not see any log for php in /var/log.
 
Code: 
[Sat Apr 13 20:46:19.363246 2013] [authz_core] [pid 11502] [client 192.168.1.25:59945] AH01630: client denied by server configuration: /usr/local/www/phpMyAdmin/

I think problem is here:
Code: 
  Allow from 127.0.0.1 [B]Why Here is a DOT?->.[/B]192.168.1.*

Try to don't use localhost, and fix this 192.168.1.0/24 class entry.
 
I have tested your suggestion. It did not work. I have also updated to php5.4 from php5.3. That did also not work. The dot is given in the configuration example when I did install phpmyadmin. I am now trying re-install and re-configure phpmyadmin. Not sure if it is going to work. But it is worth the try.
 
After some serious testing and linking with a hard link to the phpmyadmin (skipping the command in httpd.conf file). I have come to the conclusion that this is some type of access error. After reading about this problem. I am now convinced this issue is related to domain name - localhost issue. I am not sure how to fix that. Since other parts of apache2.4 work without issue.

The command # host 127.0.0.1 gives me this output.

Code: 
1.0.0.127.in-addr.arpa domain name pointer localhost.localdomain.

I have made some changes to the host file at present. But I have not yet rebooted the computer. So they do not seems to have been applied. I do not know yet if they work or not.

I am using this post here as reference as this being some type of domain issue, http://forums.freebsd.org/showthread.php?t=26993
 
I have done some more tests and I have found that everything that uses Alias in httpd.conf gets '403 forbidden' message. Everything else in Apache 2.4 works besides this.

Here is a good example. A test folder that contains nothing.

Code: 
You don't have permission to access /testfolder on this server.

I have also installed adminer mysql control program. That also gets the '403 forbidden' error message. I am clearly missing some setting. But at the moment I am not sure what setting I am missing. Any idea what I am missing?
 
I did test this and it did not work. I did change the directory part in two places in httpd.conf. Is it possible that this is a file permission issue?

The current permissions are this ones.

Code: 
root@mark666:/usr/local/www # ls -l
total 16
drwxr-xr-x  8 www   www     512 Jan 23 01:25 adminer
drwxr-xr-x  6 root  wheel   512 Apr 15 01:07 apache24
drwxr-xr-x  8 root  wheel  3072 Apr 15 03:40 phpMyAdmin
drwxr-xr-x  2 root  wheel   512 Apr 15 03:22 testfolder

I have gone trough all of the settings that I know about from Gentoo Linux. But I am clearly missing something. I put up a test page in ~user too see if there was any issue there. No problem. Same as for the folder /usr/local/www/apache24/data that also works without issue. But anything outside it does not. With the exception of public_html folder in user directories.
 
My config:
httpd.conf
Code: 
ServerRoot "/usr/local"
...
Alias /sq/ "/usr/local/www/sq/"

    <Directory "/usr/local/www/sq/">
        Options none
        AllowOverride Limit
        Order Allow,Deny
        Allow from 192.168.0.0/24
        Allow from 10.20.40.6
        Allow from all
     </Directory>

Show me your httpd.conf ServerRoot line?
 
I have managed to get phpMyAdmin working. I won't call this is a fix. But it works. I did copy the phpMyAdmin to the apache24/data folder. This works. Since phpMyAdmin is responding correctly from the looks of it.

The problem here seems to be a security setting in FreeBSD.Something that I am not going to try and change. I did find that Red Hat Linux has the same issue. But it is running SE-Linux on top according to what I was reading. That somehow creates this issue. I do not know FreeBSD well enough at the moment to know what is the source of this issue here. But it remains currently and is unsolved as such from my point of view.

My server root is the same as yours and same goes for the alias settings.
 
@cr4sh, your advice did however work with vhost that was also showing the same '403 forbidden' error. If anyone is having the vhost issue in the future.
 
Last edited by a moderator:
kernelpanic26 said:
Hi,

You have to add this line into your Directory section:
Code: 
Require all granted

And it should work.
Click to expand...

Confirm, it works for me on Apache 2.4:

Code: 
Alias /phpmyadmin "/usr/local/www/phpMyAdmin/"
 
    <Directory "/usr/local/www/phpMyAdmin/">
        Options none
        AllowOverride Limit
        Order Deny,Allow
        Require all granted
    </Directory>
 
I totally missed this thread.

I just want to confirm that using Require all granted is the right solution to this problem. Also note that this has nothing to do with any FreeBSD related settings, this is simply the way the Apache web server works.

Check out the official instructions on upgrading from 2.2 to 2.4, found at the Apache.org website. As you can see they applied changes to the access control. That is what has been troubling you.

Unlike most Linux distributions FreeBSD doesn't try to intrude too much on the way a program works. As such you should always consult the official documentation when trying to use a specific piece of software, instead of assuming that FreeBSD (or the package maintainer) will handle everything for you.

Edit: If you're still using the old configuration yet insist on keeping with Apache 2.4 then you should look into the mod_access_compat module, this was designed to provide the old access control mechanism on a new server environment.
 
Sw0rds1ng3r said:
Confirm, it works for me on Apache 2.4:

Code: 
Alias /phpmyadmin "/usr/local/www/phpMyAdmin/"
 
    <Directory "/usr/local/www/phpMyAdmin/">
        Options none
        AllowOverride Limit
        Order Deny,Allow
        Require all granted
    </Directory>
Click to expand...

Your directory code needs updating. It needs to be like this.

While this is not for phpmyadmin, it works in the same principle. This code works for apache 2.4.

Code: 
Alias /cacti "/usr/local/share/cacti/"
    <Directory /usr/local/share/cacti>
     Require all granted
    </Directory>

Just replace cacti with phpmyadmin or other projects having 403 forbidden messages.
 
I was tearing my hair out over this as well. I migrated from apache2.2->2.4 and despite correctly upgrading I forgot that I was now running PHP over mod_fcgi.
The fix was adding a Options ExecCGI to the phpMyAdmin directive.

Code: 
Alias /phpmyadmin "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
  Options ExecCGI
  AllowOverride Limit
  Require all granted
</Directory>
 
You must log in or register to reply here.
Back
Top