1.访问phhmyadmin的时候,出现如下标示
Forbidden
You don't have permission to access /phpmyadmin on this server.
消息如下图所示:
2.查询http的log
[Sat Oct 13 23:48:07.716815 2018] [authz_core:error] [pid 2299] [client 117.83.4.243:4480] AH01630: client denied by server configuration: /usr/share/phpMyAdmin
[Sat Oct 13 23:48:07.931494 2018] [authz_core:error] [pid 2299] [client 117.83.4.243:4480] AH01630: client denied by server configuration: /usr/share/phpMyAdmin
[Sat Oct 13 23:49:11.749237 2018] [authz_core:error] [pid 2296] [client 117.83.4.243:6592] AH01630: client denied by server configuration: /usr/share/phpMyAdmin
[Sat Oct 13 23:49:12.717518 2018] [authz_core:error] [pid 2296] [client 117.83.4.243:6592] AH01630: client denied by server configuration: /usr/share/phpMyAdmin
[Sat Oct 13 23:49:15.226339 2018] [authz_core:error] [pid 2296] [client 117.83.4.243:6592] AH01630: client denied by server configuration: /usr/share/phpMyAdmin
3. 将错误代码,复制到百度中查询,得到如下解决方法,也可以正常访问了!
在apache 2.4里,访问权限配置与2.2不同,如果设置不对,则会报403错误,日志中会报 AH01630: client denied by server configuration。
[Sun Aug 27 19:01:37.591240 2017] [authz_core:error] [pid 16] [client 172.17.0.1:55766] AH01630: client denied by server configuration: /var/www/html/doc/
172.17.0.1 - - [27/Aug/2017:19:01:37 +0800] "GET /doc/ HTTP/1.1" 403 506 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0"
1、如果目录下有.htaccess文件,并且有如下内容,则此目录外部不能访问。
## no access to this folder
# Apache 2.4
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Apache 2.2
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
可将Require all denied修改为Require all granted允许外部访问,或修改为Require host localhost只允许本机访问,或修改为Require ip x.x.x.x 允许指定的IP访问。
如将mantisbt的doc可在本地访问,可修改doc目录下的.htaccess文件。
1)如果是本机安装,可将Require all denied修改为Require ip 127.0.0.1
2)如果是安装在docker下,可将Require all denied修改为Require ip 172.17.0.1
具体看日志中报错的client ip 地址。
2、如果放开指定目录的访问权限,也可在virtualhost的directory配置中明确设定Require all granted。
<Directory /var/www/html>
Options -Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
更多配置选项见https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
附整个配置文件内容
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#Deny from All
Allow from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>