403 Forbidden access of phpmyadmin at AWS EC2 instance - mysql

My /etc/httpd/conf.d/phpMyadmin.conf has the following configurations
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip xx.xx.xx.xxx
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#Deny from All
Allow from xx.xx.xx.xxx
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip xx.xx.xx.xxx
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#Deny from All
Allow from xx.xx.xx.xxx
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
#Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
#Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
#Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
When I access at my page EC2 instance as
http://xx.xx.xx.xxx/phpmyadmin, I have You don't have permission to access /phpmyadmin on this server. error.
I made sure this ip address xx.xx.xx.xxx is my EC2's Elastic IP address.
phpMyadmin.conf has correct xx.xx.xx.xxx to allow.
I tried to follow the similar links of this, this and this.
But still have the error. What could be wrong with my error?
My EC2 instance has AWS linux OS installed.
Thanks

As per my understanding this configuration is related to PhpMyadmin. In order to load this configuration into Apache Web Server, Make sure Apache is loading all the configuration files from conf.d by looking into httpd.conf if you are using apache [Not Apache2] and apache2.conf [for Apache2].
Inside /etc/apache2/apache2.conf, you will find the following line, which includes those files:
# Include generic snippets of statements
Include conf.d/
[Refference]
You might have checked it still, it is one of the solution.

I have same error. Follow this link https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html to do all owner and group changes. Did all as you did above, but it's getting that error. Finally after restarting httpd, I become able to connect.

Related

Error code 403 when using WAMP for custom website

When attempting to access a website i am attempting to host on my pc using WAMP i get the typical error code 403 forbidden. I have edited the apache config to allow all etc but still seem to get it, however i can see localhost and phpadmin from 127.0.0.1
Any other suggestions? i can attach my apache config or put it in a pastebin if needed
For reference im running Win10(64x) with WAMP Server 3.0.6 (64x)
I have followed multiple tutorials from youtube and stackoverflow but cannot seem to get it to work as most use commands given are from linux such as 'chmd' (i have used linux before therefor understand what this means but cant work out how to do the same thing via windows)
Try making virtual host and give access to all local user. Make sure you give access to
file -------> httpd.conf
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
#onlineoffline tag - don't remove
Require local
Require ip 192.168.0
</Directory>
Edit httpd-vhosts.conf As like:
file ------> httpd-vhosts.conf
# Virtual Hosts
<VirtualHost *:80>
ServerName localhost
DocumentRoot c:/wamp64/www
<Directory "c:/wamp64/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName smarthome
DocumentRoot "c:/wamp64/www/smarthome"
<Directory "c:/wamp64/www/smarthome/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

phpmyadmin - Forbidden - You don't have permission to access /phpmyadmin/ on this server

I'm aware this has been asked many times before but all of the answers seem the same and none of them work for me.
I want to access the phpmyadmin GUI from something other than the localhost.
I'm getting the error "Forbidden - You don't have permission to access /phpmyadmin/ on this server." in the browser.
I'm using CentOS7, Apache 2.4.6 and phpMyAdmin-4.4.15.10-1.el7.
I've tried this:
<Directory /usr/share/phpMyAdmin/>
Order Allow,deny
Allow from all
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Allow,deny
Allow from all
</Directory>
Most people seem to suggest I can just do:
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
Or:
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 192.168.1.6
</RequireAny>
</IfModule>
But none of that works.
This is the current state:
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 192.168.1.6
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Allow,Deny
Allow from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Still getting:
Forbidden
You don't have permission to access /phpmyadmin/ on this server.
EDIT-
Just as additional information, I have disabled SELinux and made sure permissions on /usr/share/phpMyAdmin are correct.
EDIT AGAIN-
I've now tried this...
<Directory /usr/share/phpMyAdmin/>
Require all granted
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Require all granted
</Directory>
Which is surely as basic as you can get and yet I still get the error?
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Allow,Deny
Allow from All
</IfModule>
</Directory>
Got this working eventually. There were a few problems at once, which was getting in the way of troubleshooting the main problem...
First, edit phpMyAdmin.conf...
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 192.168.1.6
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
OR
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
You also need to make sure that/usr/share/phpMyAdmin is not only readable but also executable for the Apache user. I just recursively chmodded it to 777.
You also need to add the following to /etc/httpd/conf/httpd.conf:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
Check /var/log/httpd/error_log to see what your particular error is at each step.

403 Error when accessing phpMyAdmin on an ec2 Instance

I wanted to install a LAMP environment on a new EC2 instance using Amazon-Linux following amazon's tutorial. Then I wanted to have phpMyAdmin so I installed it using sudo yum --enablerepo=epel install phpmyadmin and created a link to the www directory sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin.
Then I altered the /etc/httpd/conf.d/phpMyAdmin.conf file to allow access.
The current file:
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
But still I'm getting a 403 error, when I try to access /phpMyAdmin
error_log:
[Thu Aug 27 13:45:47.702678 2015] [authz_core:error] [pid 25763] [client 37.49.61.176:59958] AH01630: client denied by server configuration: /usr/share/phpMyAdmin/
[Thu Aug 27 13:45:48.699611 2015] [authz_core:error] [pid 25763] [client 37.49.61.176:59958] AH01630: client denied by server configuration: /usr/share/phpMyAdmin/
[Thu Aug 27 13:49:22.181819 2015] [authz_core:error] [pid 25765] [client 37.49.61.176:60222] AH01630: client denied by server configuration: /usr/share/phpMyAdmin/
What else could be the error?
The issue was fixed after I removed
Alias /phpMyAdmin /usr/share/phpMyAdmin
from
/etc/httpd/conf.d/phpMyAdmin.conf
And then don't forget to restart by using the following command
sudo service httpd restart
Copy the following code in your /etc/httpd/conf.d/phpMyAdmin.conf
I found it here http://howsolve.com/i-always-get-a-403-error-with-phpmyadmin-ec2-aws/
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>

Installing phpMyAdmin onto Amazon EC2 instance

I've configured my EC2 instance as a LAMP, following Amazon's tutorial. That appears to be functioning correctly (I can see phpinfo() in a file I've uploaded OK).
I then tried to install phpMyAdmin by doing the following:
sudo yum --enablerepo=epel install phpmyadmin
I can see that phpMyAdmin is now in /usr/share/phpmyadmin, so I added an symbolic link:
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
I then edited http.conf to add AllowOverride all to <Directory "/var/www/html">. (Command: sudo nano /etc/httpd/conf/httpd.conf)
And then restarted the server:
sudo service httpd restart
But whenever I visit http://ec2-xx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com/phpmyadmin I get a 403 Forbidden response from the server: You don't have permission to access /phpmyadmin on this server.
I feel like I'm missing something really obvious, but I cannot figure out what.
I needed to update the /etc/httpd/conf.d/phpMyAdmin.conf to allow remote users.
I just replaced the contents of the first <directory> tag like so...
I removed:
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
And replaced it with this:
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Directory>
And restarted the server: sudo service httpd restart
Works now!
I had the same issue, and Chuck Le Butt's solution was very helpful, although a little different for me...
My ISP uses dynamic IP addresses so when I setup the server it was via a different IP.
When I returned to it the following day, my IP address had changed so I was forbidden.
Butt, rather than allowing access from all IP's as Chuck suggested, I've updated my previous IP addresses in the phpMyAdmin.conf file.
sudo nano /etc/httpd/conf.d/phpMyAdmin.conf
I replace
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</Directory>
to
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAll>
Require all granted
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Allow,Deny
Allow from All
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Allow,Deny
Allow from All
</Directory>
And it works~

Munin zoom isn't working

Munin installed on FreeBSD 8.0.
Address: http://site.com/munin/
Path: /usr/local/www/munin/
Problem: zoom is not working (image is not showing). In apache logs I see:
[Sun Jan 13 16:42:25 2013] [error] [client 1.2.3.4] File does not exist: /usr/home/site/htdocs, referer: http://site.com/munin/static/dynazoom.html?plugin_name=com%2Fsite.com%2Fhttp_response_time_site&start_iso8601=2013-01-12T08%3A26%3A43%2B0400&stop_iso8601=2013-01-12T14%3A17%3A43%2B0400&start_epoch=1357943743&stop_epoch=1357996393&lower_limit=&upper_limit=&size_x=800&size_y=400&cgiurl_graph=
My httpd.conf:
Alias /munin/ "/usr/local/www/munin/"
How to fix it?
I know this is over a year old but I'm sure there are other people having this issue and finding this on google. (like me)
This is for Debian 7.6 + Munin version 2.0.6-4+deb7u2. Zoom is actually working but it's localhost only. I didn't test this on Freebsd or any other bsd/linux distros so far but I think the problem&solution will be similar.
Please edit this file:
/etc/munin/apache2.conf
# Enables fastcgi for munin-cgi-graph if present
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
<Location /munin-cgi/munin-cgi-graph>
Order allow,deny
# Allow from localhost 127.0.0.0/8 ::1
Allow from all
# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user
<IfModule mod_fastcgi.c>
SetHandler fastcgi-script
</IfModule>
</Location>
ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
<Location /munin-cgi/munin-cgi-html>
Order allow,deny
# Allow from localhost 127.0.0.0/8 ::1
Allow from all
# AuthUserFile /etc/munin/munin-htpasswd
# AuthName "Munin"
# AuthType Basic
# require valid-user
<IfModule mod_fastcgi.c>
SetHandler fastcgi-script
</IfModule>
</Location>
You will see "Allow from localhost 127.0.0.0/8 ::1" for both munin-cgi-graph and munin-cgi-html. Please comment these lines out and add "Allow from all" (change this depending on your security settings of course) and restart apache2. Now you should be able to zoom to your graphs.
I had the same problem on Ubuntu 12.04, and fixed it with these steps:
Turn off SELINUX: $ sudo setenforce 0
Add this to Apache vhost config: ScriptAlias /munin-cgi/ "/var/www/cgi-bin/"
Change permissions on /var/log/munin so that Apache can open files there.
To find out where munin-cgi-graph is installed on your system:
find / -name munin-cgi-graph