XAMPP 1.8.0 came out a few days ago, and yesterday, after upgrading from version 1.7.7, I had quite an interesting problem. phpMyAdmin would not open and failed with a 403:

Access forbidden!


New XAMPP security concept:

Access to the requested object is only available from the local network.

This setting can be configured in the file "httpd-xampp.conf".

I immediately opened httpd-xampp.conf, which on my system is located in /opt/lampp/etc/extra/, and at first glance everything looked fine. The rules for the local network were in order. Besides, I was opening it from localhost. WTF??? I looked at the log and saw that my access was being cut off by the configuration. At this point I was stumped, and honestly I found the problem partly by luck. While going through httpd.conf I saw one last line in the Allow/Deny clauses: Require all granted. Oh yes, eureka. This is the new access control mechanism that arrived in Apache 2.4.x. It grants or denies access to everyone requesting it; in general it mimics the Allow/Deny functionality :). To fix the problem, we add Require all granted to the directives for the /opt/lampp/phpmyadmin directory. After the changes, mine looks like this:

<Directory "/opt/lampp/phpmyadmin">
AllowOverride AuthConfig Limit
Order allow,deny
Allow from all
Require all granted
</Directory>

 

You can always try other hacks, for example renaming the phpmyadmin folder to something else and making an alias to it. But that is uglier and not very meaningful 🙂

P.S. I was asked why I use XAMPP and not a clean installation of all the components the way my Debian provides them. The answer is very, very simple: LAZINESS. I'm too lazy to type a few commands and then touch my configs and so on. It is much easier to download the whole package, unzip it and fire it up 😉


A few days ago I had a terrible problem with ModSecurity and phpMyAdmin installed together. In general, the problem was that the security module perceived phpMyAdmin requests as SQL injection attacks. The solution is again trivial: just for the phpMyAdmin files, I turn off rule checking. I wrote the rules in modsecurity.d/modsecurity_localrules.conf, which is located in the folder of your Apache server. Here are the rules themselves.

<LocationMatch "/phpmyadmin/tbl_change.php">
SecRuleEngine Off
</LocationMatch>

<LocationMatch "/phpmyadmin/sql.php">
SecRuleEngine Off
</LocationMatch>

<LocationMatch "/phpmyadmin/managecontent.php">
SecRuleEngine Off
</LocationMatch>

<LocationMatch "/phpmyadmin/import.php">
SecRuleEngine Off
</LocationMatch>

<LocationMatch "/phpmyadmin/tbl_select.php">
SecRuleEngine Off
</LocationMatch>

<LocationMatch "/phpmyadmin/tbl_replace.php">
SecRuleEngine Off
</LocationMatch>
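
A narrower alternative to SecRuleEngine Off, as an added example that is not part of the original post: this script reads ModSecurity denial lines from the Apache error log and emits per-URL SecRuleRemoveById exclusions for only the rules that actually blocked phpMyAdmin. The log lines, rule ids and host name are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed Apache error-log lines in the ModSecurity 2.x message layout.
# Rule ids, client addresses and host name are made up for this example.
SAMPLE_LOG = """\
[error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:sql_query. [id "900001"] [msg "SQL Injection Attack"] [hostname "example.test"] [uri "/phpmyadmin/sql.php"]
[error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:sql_query. [id "900002"] [msg "SQL Comment Sequence"] [hostname "example.test"] [uri "/phpmyadmin/sql.php"]
[error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match at REQUEST_BODY. [id "900001"] [msg "SQL Injection Attack"] [hostname "example.test"] [uri "/phpmyadmin/import.php"]
[error] [client 192.0.2.10] ModSecurity: Warning. Pattern match at ARGS:db. [id "900004"] [msg "Anomaly"] [hostname "example.test"] [uri "/phpmyadmin/tbl_select.php"]
[error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match at ARGS:q. [id "900003"] [msg "SQL Injection Attack"] [hostname "example.test"] [uri "/shop/cart.php"]
"""

ID_RE = re.compile(r'\[id "(\d+)"\]')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')


def blocked_rules(log_text, prefix="/phpmyadmin/"):
    """Map each denied URI under `prefix` to the set of rule ids that blocked it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # warnings did not block anything, so they need no exclusion
        rule, uri = ID_RE.search(line), URI_RE.search(line)
        if not (rule and uri):
            continue
        path = uri.group(1).split("?", 1)[0]  # drop a query string if one was logged
        if path.startswith(prefix):
            hits[path].add(rule.group(1))
    return dict(hits)


def exclusions(hits):
    """Render one anchored <LocationMatch> per URI that removes only the listed ids."""
    out = []
    for path in sorted(hits):
        ids = " ".join(sorted(hits[path], key=int))
        out += [f'<LocationMatch "^{re.escape(path)}$">',
                f"    SecRuleRemoveById {ids}",
                "</LocationMatch>",
                ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(exclusions(blocked_rules(SAMPLE_LOG)))
```

SecRuleRemoveById only affects rules that are already loaded, so the generated blocks belong in a file that is included after the rule set.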

Today my phpMyAdmin screamed for no apparent reason with the following ugly error:

Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.

In general, the problem is elementary: the session.save_path variable in the php.ini file had no value. The mystery was solved when I remembered that I had upgraded my PHP version and had probably inadvertently lost the old settings then, and today I restarted the server because it had started filling the swap because of a zombie 🙂