Why do I always get a 403 error with phpMyAdmin?

I'm running Ubuntu 14.04 LTS server and I'm trying to get phpMyAdmin to work. Whenever I open up 192.168.0.xxx/phpmyadmin it gives me a 403 error. I also have Wordpress installed and I can access that without any issues.

I've tried:

  • Setting the ownership to Apache
  • Restarting my computer/server
  • Used a different computer
  • Uninstalled/reinstalled it (including uninstallinstall, purgeinstall, and install --reinstall)
  • Reading a lot of tutorials/AU questions/posts/blogs of how to fix this, yet none of them have shown me a valid solution.

One odd thing that I find when looking at the "homepage" of the site (i.e. no /foobar on the end), it shows a file explorer. However, it doesn't show phpMyAdmin. Also, it was working a few days ago, and I don't remember changing anything. The only thing that looks odd about this is there's usually something with /serv IIRC, but that may have just been the way I had it on another server...

Note: there's no .htaccess file in the /usr/share/phpmyadmin folder. I've seen some articles hinting that there should be one, but I can't find a definite answer.

/etc/phpmyadmin/apache.conf file:

# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    order deny,allow
    #deny from all
    allow from all
    <IfModule mod_php5.c>
            AddType application/x-httpd-php .php

            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_value include_path .
    </IfModule>

</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
 <IfModule mod_authn_file.c>
 AuthType Basic
 AuthName "phpMyAdmin Setup"
 AuthUserFile /etc/phpmyadmin/htpasswd.setup
 </IfModule>
 Require valid-user
</Directory>
#Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
   Order Deny,Allow
   Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
  Order Deny,Allow
  Deny from All
</Directory>

Apache config file:

# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default

# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

KeepAlive On

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

# HostnameLookups
HostnameLookups Off

# ErrorLog: The location of the error log file.
ErrorLog ${APACHE_LOG_DIR}/error.log

# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>


# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#
AccessFileName .htaccess

# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Include /etc/phpmyadmin/apache.conf

(I do apologize for dumping a large chunk of text in here, but I've been working on this for about three hours and I can't figure out how to fix this. I'd be happy to provide any more files if needed, just leave a comment.)

What is causing this and how can I fix it?


Solution 1:

Change the following few lines in your /etc/phpmyadmin/apache.conf from this:

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    order deny,allow
    #deny from all
    allow from all

To this:

<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks MultiViews
    DirectoryIndex index.php
    AllowOverride all
    Require all granted

Your Apache is 2.4+, so it uses Require all granted instead of Allow from all.

Just another tip to drop here: you can take a look at your Apache error.log file to find out why you are being denied (403 error), this could give a clue of what the issue is. The error.log file is usually in the root directory (usually /var/www/html).