Forbidden :You don't have permission to access /phpmyadmin on this server

Question

Hi I have installed phpmyadmin on my centos machine and when I try to hit phpmyadmin through my browser I get this error :

Forbidden
You don't have permission to access `phpmyadmin` on this server.

My phpmyadmin.conf file has following content:

# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin


<Directory /usr/share/phpMyAdmin/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Kindly help me resolve this issue. Any lead is appreciated.

Thanks

You are currently only allowing localhost to access in `usr/share/phpmyadmin` I would recommend only adding a whitelist of IPs for security. — Elliot Fehr, Apr 23 '14 at 05:31
possible duplicate of [phpMyAdmin + CentOS 6.0 - Forbidden](http://stackoverflow.com/questions/7499849/phpmyadmin-centos-6-0-forbidden) — Rikesh, Apr 23 '14 at 05:31
You mean to say replacing 127.0.0.1 with my machines IP. I have done that too but this error persists. — Megha Sharma, Apr 23 '14 at 05:32
Have you added that in your `httpd.conf` file ? Have you restarted your apache server ? — Rikesh, Apr 23 '14 at 05:40
I have replaced all the occurrences of 127.0.0.1 with my IP . No I have not added that to httpd.conf file. How to do that. can you describe me the steps to resolve this issue. — Megha Sharma, Apr 23 '14 at 05:42
Check how to configure httpd.conf in this [answer](http://stackoverflow.com/a/7552989/696364). — Rikesh, Apr 23 '14 at 05:46

Hyder B. · Answer 1 · 2020-03-04T12:13:23.720

120

None of the configuration above worked for me on my CentOS 7 server. After hours of searching, that what worked for me:

Edit file phpMyAdmin.conf

sudo nano /etc/httpd/conf.d/phpMyAdmin.conf

And replace the existing <Directory> ... </Directory> node with the following:

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

edited Mar 04 '20 at 12:13

answered Mar 30 '15 at 19:30

Hyder B.

10,900
5
51
60

2

for Cent OS 7 it's perfect – Varun Naharia Nov 11 '15 at 17:33
What (important) changes are there in these new lines? – mwfearnley Dec 04 '15 at 12:31
9

This is NOT the right answer! You don't want to `Require all granted` since that will allow any host to access phpMyAdmin. The intent of `Require ip 127.0.0.1` is to only allow the localhost access, which is secure. – Alvin Bunk Feb 10 '16 at 21:28
1

I know the thinking is that this is insecure, and I can understand as well, but what's the correct practice in this case? Many people use dynamic IPs which don't stick. I would change the configuration to this temporarily and then change it back so it is only open when necessary, but it doesn't seem like an optimal solution. – potNPan Apr 29 '16 at 05:57
1

The answer is not even clear. Replace this at the top...What are we to replace? – Olu Adeyemo Oct 09 '19 at 18:16
it's perfect (for me) because yes for my case (a hosting company serving thousands of clients) I will allow any host to access phpMyadmin with a valid password. – Ken Lee Jan 21 '21 at 07:20
Hi. Given the security implications of this answer, I think it would be better if you explain what changes this replacement makes in practice, and what effect those changes have. – mwfearnley Aug 19 '22 at 09:34

Edouard Thiel · Answer 2 · 2021-05-01T10:06:10.240

60

On a fresh install on CENTOS7 I have tried the above methods (edit phpMyAdmin.conf and add Require all granted), it still does'nt work. Here is the solution : install the mod_php module :

$ sudo yum install php

then restart httpd :

$ sudo systemctl restart httpd

and voila !

edited May 01 '21 at 10:06

answered Apr 21 '15 at 10:35

Edouard Thiel

5,878
25
33

This installation is so much better handled in Ubuntu IMO... but hey, thats life. – FreeSoftwareServers Dec 21 '16 at 20:25
1

Correct answer for me. Nor php or httpd were installed on my machine. Installed phpmyadmin, then httpd and at the end php, and now it's working! – Erwan Jun 11 '17 at 20:56
1

Nice direction. One must first ensure that php is installed. – user2720864 Nov 17 '17 at 11:18
3

Kind of ridiculous that php is not included as a dependency for phpMyAdmin – Timothy Pulliam Jan 07 '18 at 21:52
1

I installed mod_php: `yum -y install mod_php` and restart apache. It worked. – Ngoc Nam Dec 26 '18 at 07:55
This worked for me i was using `Centos 7` – Santosh Garole Apr 11 '22 at 08:42

score 44 · Accepted Answer · edited Oct 17 '19 at 20:34

44

You need to follow the following steps:

Find line that read follows

Require ip 127.0.0.1

Replace with your workstation IP address:

Require ip 10.1.3.53

Again find the following line:

Allow from 127.0.0.1

Replace as follows:

Allow from 10.1.3.53

Also find deny from all and comment it in the entire file.

Save and close the file.Restart Apache httpd server:

# service httpd restart

Edit: Since this is the selected answer and gets best visibility ... please also make sure that PHP is installed, otherwise you get same Forbidden error.

edited Oct 17 '19 at 20:34

adrianTNT

3,671
5
29
35

answered Apr 23 '14 at 12:20

Megha Sharma

2,235
8
27
31

I do that and work fine, but I need to allow to more than 1 IP addr, how can I do that? or better, how can I allow to public access? – rafaelphp Aug 14 '15 at 21:19
You can specify an IP range like this: `Require ip 192.168` Do not include `Allow from` inside `` block. Documentation here: [link](https://httpd.apache.org/docs/trunk/mod/mod_authz_core.html) – jott19 Dec 19 '16 at 21:48
3

This is the correct answer. And if anyone is wondering, the file is located here - /etc/httpd/conf.d/phpMyAdmin.conf – Testing123 Sep 17 '17 at 23:55
Thank you for posting the actual secure answer! – Petro Nov 28 '18 at 00:46
Thank you very much, you saved my life <3 – Abdelhadi Abdo May 24 '19 at 15:10
1

Since yours is the selected answer, could you add at the end that `PHP` should also be installed ? Otherwise you get same `Forbidden` error, which is not intuitive. – adrianTNT Oct 17 '19 at 20:33
How did that other answer get 99 votes, just shows how many people needed this but knew nothing and it worked for them but they don't care about security – TheArchitecta Mar 04 '20 at 12:09

score 8 · Answer 4 · edited Sep 18 '16 at 05:04

8

To allow from all:

#Require ip 127.0.0.1
#Require ip ::1
Require all granted

edited Sep 18 '16 at 05:04

Nisse Engström

4,738
23
27
42

answered Oct 12 '14 at 16:09

wrr

133
1
1

@DaemonOfTheWest, what does this do? – jds May 25 '15 at 13:36
2

@gwg - if anyone figures out a valid user/password combination, they can access your DB - which will really suck - even more so if you forgot to run /usr/bin/mysql_secure_installation – webaholik Jul 10 '15 at 17:41
Actually, do this if your setup requires it. Like installing phpmyadmin for multiple users who need to access it via internet or your intranet... And secure your installation via other means. Its appalling to see people telling 'never do this'. They dont seem to know what phpmyadmin was developed for. – unity100 May 20 '19 at 20:34

score 5 · Answer 5 · answered Feb 21 '15 at 12:58

5

Edit file: sudo nano /etc/httpd/conf.d/phpMyAdmin.conf and replace yours with following:

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
   <IfModule mod_authz_core.c>
     # Apache 2.4
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
   </IfModule>
</Directory>

Restart Apache: service httpd restart

(phpMyAdmin v4.0.10.8)

answered Feb 21 '15 at 12:58

emotality

12,795
4
39
60

tried your solution got : Not Found The requested URL /phpMyAdmin was not found on this server. – Ashish Karpe Nov 07 '17 at 07:14
Then added : Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin.....now getting : Forbidden You don't have permission to access /phpMyAdmin on this server. – Ashish Karpe Nov 07 '17 at 07:15
Sorry it didnt work for you. It is a 2.5year old answer. But to try and debug, make sure `/usr/share/phpMyAdmin/` exist or change the path in your config. – emotality Nov 07 '17 at 07:16
ls -lthr /usr/share/phpMyAdmin/ total 924K -rw-r--r-- 1 root root 1.2K Mar 29 2017 webapp.php -rw-r--r-- 1 root root 3.5K Mar 29 2017 view_operations.php -rw-r--r-- 1 root root 7.0K Mar 29 2017 view_create.php – Ashish Karpe Nov 07 '17 at 07:17

score 4 · Answer 6 · answered Aug 27 '14 at 04:34

4

First edit the file /etc/httpd/conf.d/phpMyAdmin.conf and add the additional line to the directory settings:

<Directory /usr/share/phpMyAdmin/>
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.0/15
</Directory>

If you wanted to allow access to everybody then you could just change it to:

<Directory /usr/share/phpMyAdmin/>
order allow,deny
allow from all
</Directory>

Allow in all sections of the file.

A restart (service httpd restart) is enough to pick this up.

I found this after 2 days rigorous research, (find it here) and worked just right for me.

answered Aug 27 '14 at 04:34

Syed Zuber

49
3

I try to do that and dont work, dont allow to all access phpmyadmin, stil have forbidden page – rafaelphp Aug 14 '15 at 21:28
"allow from" should be changed to "Required ip" in both 2 lines, delete 2 lines of order and deny, then it would work. – Hung Tran Nov 09 '15 at 08:55

score 3 · Answer 7 · answered Feb 10 '16 at 21:33

The problem with the answer with the most votes is it doesn't explain the reasoning for the solution.

For the lines Require ip 127.0.0.1, you should instead add the ip address of the host that plans to access phpMyAdmin from a browser. For example Require ip 192.168.0.100. The Require ip 127.0.0.1 allows localhost access to phpMyAdmin.

Restart apache (httpd) after making changes. I would suggest testing on localhost, or using command line tools like curl to very a http GET works, and there is no other configuration issue.

Laurent Mortier · Answer 8 · 2019-07-18T08:46:09.850

Centos 7 php install comes with the ModSecurity package installed and enabled which prevents web access to phpMyAdmin. At the end of phpMyAdmin.conf, you should find

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

which gives you the answer to the problem. By adding

    SecRuleEngine Off

in the block "Directory /usr/share/phpMyAdmin/", you can solve the 'denied access' to phpmyadmin, but you may create security issues.

score 2 · Answer 9 · answered Sep 18 '19 at 13:33

Find your IP address and replace where ever you see 127.0.0.1 with your workstation IP address you get from the link above.

. . .
Require ip your_workstation_IP_address
. . .
Allow from your_workstation_IP_address
. . .
Require ip your_workstation_IP_address
. . .
Allow from your_workstation_IP_address
. . .

and in the end don't forget to restart the server

sudo systemctl restart httpd.service

score 1 · Answer 10 · answered Sep 17 '16 at 08:58

1

You could simply go to phpmyadmin.conf file and change "deny from all" to "allow from all". Well it worked for me, hope it works for you as well.

answered Sep 17 '16 at 08:58

manvendra dubey

33
1
7

score 1 · Answer 11 · answered Apr 24 '20 at 13:14

1

With the latest version of phpmyadmin 5.0.2+ at least

Check that the actual installation was completed correctly,

Mine had been copied over into a sub folder on a linux machine rather that being at the

/usr/share/phpmyadmin/

answered Apr 24 '20 at 13:14

navarq

1,075
2
15
20

1

Problem with me was the phpmyadmin was uninstalled. – Petar Vasilev Jan 19 '23 at 17:12

score 0 · Answer 12 · answered Mar 06 '21 at 08:59

In appserver I got same problem and I went to 'C:\AppServ\Apache24\conf\extra' folder I modify httpd-vhosts.conf file from

<VirtualHost _default_:80>
DocumentRoot "${SRVROOT}/htdocs"
#ServerName www.example.com:80
</VirtualHost>

to

<VirtualHost _default_:80>
DocumentRoot "C:\AppServ\www"
#ServerName www.example.com:80
</VirtualHost>

score 0 · Answer 13 · answered Oct 10 '21 at 09:29

For Centos OS (7.x), installed phpMyadmin -> "sudo yum install phpmyadmin"

Edit file: "sudo nano /etc/httpd/conf.d/phpMyAdmin.conf"

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip [...your_device_ip...]
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from [...your_device_ip...]
     Allow from ::1
   </IfModule>
</Directory>

Change line:
Require ip 118.2.141...
Allow from 118.2.141...

And restart the server:
"Sudo service httpd restart"

Database interface access link: http://your_device_ip/phpmyadmin/
Good luck!

Forbidden :You don't have permission to access /phpmyadmin on this server

13 Answers13

Linked