phpMyAdmin - 403 permission denied - Centos7

Question

I have installed phpMyAdmin on my server running apache 2.4.6 on Centos7, I am getting error as You don't have permission to access /phpmyadmin on this server.

my server ip is 62.210.xx.xx I am browsing 62.210.xx.xx/phpmyadmin/ remotely from another ip xx.xx.xx.xx

/etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory "/usr/share/phpMyAdmin/">
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require ip 62.210.xx.xx
     </RequireAny>
   </IfModule>

   <IfModule !mod_authz_core.c>
     # Apache 2.2
     #Order Deny,Allow
     #Allow from 127.0.0.1
     #Allow from ::1
     #Allow from 62.210.xx.xx
     #Deny from All
     Allow from All
   </IfModule>
</Directory>

<Directory "/usr/share/phpMyAdmin/setup/">
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require ip 62.210.xx.xx
     </RequireAny>
   </IfModule>

   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Allow from 127.0.0.1
     Allow from ::1
     Allow from 62.210.xx.xx
     #Deny from All
     #Allow from All
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory "/usr/share/phpMyAdmin/libraries/">
    #Order Deny,Allow
    #Deny from All
    #Allow from None
</Directory>

<Directory "/usr/share/phpMyAdmin/setup/lib/">
    #Order Deny,Allow
    #Deny from All
    #Allow from None
</Directory>

<Directory "/usr/share/phpMyAdmin/setup/frames/">
    #Order Deny,Allow
    #Deny from All
    #Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory "/usr/share/phpMyAdmin/">
#        #SecRuleInheritance Off
#    </Directory>
#</IfModule>

I have added line Require ip 62.210.xx.xx and Allow from 62.210.xx.xx as suggested in other questions here but still its not working.

Please see and suggest any possible way to do it.

Thanks

update its working with Require all granted and Require mylocalIP but that's not I want I want to allow from my server ip 62.210.xx.xx or local ip range only

Answer 1

I also faced the same issue when I installed PHPMyAdmin in my CentOS 7 VPS. I have fixed the issue by adding this line Require all granted in the directory section. Below is an example.

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

Note: Replace the IP address with 127.0.0.1

Answer 2

I think you will need to look at the main apache config to see any restrictions in there for access to directories. The config to look for would be: Order deny,allow Deny fromall

Order allow,deny allow from all

If this does not work, then check permissions on the file system. If this does not work, is the phpadmin a symlink to somewhere else that is not covered under: Order deny,allow Deny fromall

Order allow,deny allow from all

HTH Kobus

Answer 3

I found out a way to make it work following this official document, as I am browsing from local ip I need to tell apache my local ip range.

added Require ip xxx.xx where xxx.xx are my local partial IP address for dial up connection, if you have dedicated ip add full ip Require ip xxx.xxx.xxx.xxx.

And now its working.

I hope it helps others too.