LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   phpmyadmin and login via ssl (http://www.linuxquestions.org/questions/linux-server-73/phpmyadmin-and-login-via-ssl-852353/)

skoinga 12-25-2010 01:24 PM

phpmyadmin and login via ssl
 
Hi,

I've a problem with phpmyadmin and login via https.
My server is a VPS with Centos 5.5; apache and phpmyadmin are installed with yum:

Quote:

phpmyadmin.noarch 2.11.11.1-1.el5.rf
httpd.x86_64 2.2.3-43.el5.centos.3
I can reach the page with this url:

https://sql.xxxxxyzyz.org

when I type login/password, the URL is automatically redirect to:

http://sql.xxxxxyzyz.org

so I must manually re-add the "s" in order to succesfully view phpmyadmin.

This happens with every browser (Opera, IE, Firefox).
Any suggestion?
Thankyou!

p.s. I also tried to set PmaAbsoluteUri parameter with the URL above, but the problem still occurs..

bathory 12-25-2010 02:54 PM

Hi,

There must be mod_rewrite the reason of this behavior.
Search for a .htaccess in /var/www/html/phpmyadmin, or wherever you installed phpmyadmin containing rewriting rules to turn https into http.
If there is not .htaccess, then look into httpd.conf, or phpmyadmin.conf

Regards

Noway2 12-25-2010 08:37 PM

One other thing to check: If I recall correctly, PhpMyAdmin installs the PHP files somewhere in the /usr tree and creates an alias directive for /phpmyadmin to point to this section of the tree. You may need or want to have this alias directive referenced in your vhost for the SSL site only.

Another, potentially more secure option, would be to make this site accessible only via localhost or your LAN and not accessible via the Internet. Then you can use SSH with a socks proxy to connect to your server and then bring PhpMyAdmin up in your web browser. This will help prevent dictionary attacks as myadmin is a commonly attempted service to find given how much damage you can do with it.

skoinga 12-27-2010 01:47 PM

Quote:

Originally Posted by bathory (Post 4202935)
Hi,

There must be mod_rewrite the reason of this behavior.
Search for a .htaccess in /var/www/html/phpmyadmin, or wherever you installed phpmyadmin containing rewriting rules to turn https into http.
If there is not .htaccess, then look into httpd.conf, or phpmyadmin.conf

Regards

Hi,
I've disabled the DSO mod_rewrite: same behavior.

skoinga 12-27-2010 01:49 PM

Quote:

Originally Posted by Noway2 (Post 4203056)
One other thing to check: If I recall correctly, PhpMyAdmin installs the PHP files somewhere in the /usr tree and creates an alias directive for /phpmyadmin to point to this section of the tree. You may need or want to have this alias directive referenced in your vhost for the SSL site only.

Hi,
I'm not using any Alias, I've a dedicated virtual host that points in the actual DocumentRoot (/usr/share/phpmyadmin).

bathory 12-27-2010 04:53 PM

Hi,

Without posting the rewrite rules and the apache configuration there is not much we can do.
You can try to use a .htaccess with:
Code:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

And make sure you have
Code:

AllowOverride All
in <Directory /usr/share/phpmyadmin>...</Directory> definition, so .htaccess can be red by apache

Regards


All times are GMT -5. The time now is 01:18 PM.