can't access phpmyadmin when set phpmyadmin_public no

alect

Verified User
Joined
Jan 12, 2011
Messages
28
Question 1:

I set phpmyadmin_public to no in custombuild, (using enhanced theme)
logged in with admin user change to user level, and in the advanced features section I click "phpMyAdmin"
but the link url is https://domain:2222/CMD_DB?domain=domain.com ,
the page redirected to MySQL Management instead of phpMyAdmin pages.

But when I changed the theme to evolution , everything works fine.
in the extra features section, the phpMyAdmin Link is https://domain:2222/phpmyadmin

so this is a bug in enhanced theme?



Question 2:

After I change from to OpenLiteSpeed,
I also tried to enable modsecurity rules from Comodo , when I import a sql file via phpmyadmin
pma says error 403, so I have to try to disable modsecurity for pma.
I don't know which file should I edit so I can disable the modsecurity for pma.

Any suggestion?
 
Last edited:
The reason it's an href to MySQL Management is that it must be a POST to the CMD_PMA_LOGIN call.
An a href cannot make a POST, only a GET call.
Once on the actual Datbases listing page, aka:
/CMD_DB?domain=domain.com

then you'll be able to click the phpMyAdmin SSO button at the top of the page (looking at Enhanced).

Let me know if you're still looking to skip the 2nd click, and I can perhaps pass it an auto-post on the 2nd page, based on an extra GET var on the top-level CMD_SHOW_DOMAIN domain page.... or simply JS to post a form on the CMD_SHOW_DOMAIN page (prefer not to add a form there, but will do it if needed)

John
 
For mod_security, I did a quick check, and looks like they have file ready for any custom rules:
Code:
[root@es6-64-test cwaf]# cat /usr/local/cwaf/etc/httpd/custom_user.conf
# Put your custom ModSecurity directives here
# Please don't remove this file
[root@es6-64-test cwaf]#
so try that location for the specific rules you're trying to add.
Including a specific mod_security log error would help determine which rules should be there.

John
 
Facing the same issue of 403 while importing a sql file to DB in phpmyadmin.
Using latest DA, OpenLiteSpeed, Comodo WAF.

If I add the following lines to the file /usr/local/cwaf/etc/httpd/custom_user.conf
Code:
<Directory /var/www/html/phpMyAdmin>
SecRuleEngine Off
</Directory>

The ModSecurity on the whole server gets disabled.
Could you please provide a way to solve this?
 
put that at "/etc/httpd/conf/extra/httpd-include.conf".

maybe it wrong path, but it should be something like this.
 
Hi @jamgames2,

Tried with that file as suggested by you and restarted openlitespeed, but it still generates a 403 while importing the DB.
Do I need to rebuild openlitespeed?
 
ahh I forgot to read "openlitespeed" mention.

move path to "/usr/local/lsws/conf/httpd-include.conf"
 
ahh I forgot to read "openlitespeed" mention.

move path to "/usr/local/lsws/conf/httpd-include.conf"
Tried with the above file as well.
Restarted OpenLiteSpeed.
Still generates a 403 error, when importing a DB.
 
for ols, should be context block location

#httpd-include.conf
Code:
context exp:^/phpMyAdmin {
type static
location /var/www/html/phpMyAdmin/
modsecurity  off
}

Since I play with OLS for once a time in my lifes. So maybe it incorrect syntax.
 
for ols, should be context block location

#httpd-include.conf
Code:
context exp:^/phpMyAdmin {
type static
location /var/www/html/phpMyAdmin/
modsecurity  off
}

Since I play with OLS for once a time in my lifes. So maybe it incorrect syntax.
Thanks for the code @jamgames2. Still generates a 403 error.
One more thing, should I rebuild modsecurity or rewrite_confs after adding this file?
 
basic, it's not needed. unless you custom with "./directadmin/custombuild/custom/".

good luck.
 
Back
Top