Installing SSL certificate breaks phpmyadmin with 403 error

987 views Asked by At

I recently installed an SSL certificate to secure our phpmyadmin login and data, since it is on the public internet. This worked fine, but after successfully logging in over HTTPS this message appears in a pink box:

Error in Processing Request
Error code: 403
Error text: Forbidden

It cannot be clicked away and nothing else works, the only option is to log out again. At the same time, Apache starts logging a flood of 403 errors for /phpmyadmin/error_report.php?ajax_request=true in the access log:

123.xxx.22.170 - - [10/Jun/2015:11:47:26 +0800] "POST /phpmyadmin/db_structure.php?ajax_request=1&favorite_table=1&sync_favorite_tables=1&token=-censored- HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
123.xxx.22.170 - - [10/Jun/2015:11:47:26 +0800] "GET /phpmyadmin/error_report.php?ajax_request=true&server=1&token=-censored-&get_settings=true&exception_type=js&_nocache=1433908072362921249 HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
123.xxx.22.170 - - [10/Jun/2015:11:47:27 +0800] "GET /phpmyadmin/error_report.php?ajax_request=true&server=1&token=-censored-&get_settings=true&exception_type=js&_nocache=143390807256911515 HTTP/1.1" 403 589 "https://www.-censored-.org/phpmyadmin/index.php?collation_connection=utf8mb4_general_ci&token=-censored-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
....etc

My Apache config for the directory looks like this:

<Directory /var/www/www.--censored--.org/>
    SSLOptions +StdEnvVars
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>

Using Ubuntu 14.04 LTS with manually installed phpmyadmin 4.4.7, Apache 2.4.7 and PHP 5.5.9, SSL certificate from Comodo SSL.

Very grateful for any help, all I have been able to find so far are recommendations to set allow from all, which I have done, or suggestions that AJAX and SSL are incompatible. Since phpmyadmin is completely based on AJAX, does this mean that it is impossible to run over HTTPS?

Thanks!

0

There are 0 answers