Apparently, for some reason using certain phpMyAdmin pages is throwing 403's.

Since earlier this week, when I attempt to use phpMyAdmin to edit a row in one of my databases, I get the following message in the right frame:

Forbidden
You don't have permission to access /phpmyadmin/tbl_change.php on this server.

This comes up when I click the "edit" link on any row, immediately after I've done a search or browse on a table. I suppose it might happen when attempting other operations too, but I can't confirm that at this time.

Anybody else having this problem? Don't want to open a ticket until I know if it's affecting others, too.

Thanks,
yer pal omatic

This exact operation used to work before right?

Your rows wouldn't happen to contain sql queries or something similar to an sql query would it?

I was trying to replicate this on another account but could not get it to give me a 403.

This exact operation used to work before right?Yep, standard stuff.

Your rows wouldn't happen to contain sql queries or something similar to an sql query would it?Nope, not the tables I'm trying to work on right now, at any rate.

I was trying to replicate this on another account but could not get it to give me a 403.I bet you're logged into Ops when you try this, aren't you? I did just discover that if I'm also logged into Ops (on another tab), phpMyAdmin suddenly starts working normally again. And I can edit rows, as one might expect. Log out of Ops, and the FORBIDDEN message returns.

Speculation: Did your guys recently add some .htaccess restrictions to the folders where phpMyAdmin is installed?

This brings to mind another problem I had recently, with the left frame of phpMyAdmin not listing my tables... (details in this thread (http://forum.powweb.com/showthread.php?t=81038)).

no .htaccess, but there is some new mod_security rules that seem to be the cause of your problem.

Unfortunately this is now by design. Whats happening to you is exactly what we want to happen.

So, no more using phpMyAdmin unless you're logged into Ops? Assuming that's the case, then I have a recommendation and another question for you.

First, the recommendation: Make it impossible to get into phpMyAdmin at all, unless you're logged into Ops first. I'd think you wouldn't want it to "half work" like it does now. That just couldn't end well for confused users or your support department.

Secondly, the question: Do you think I will avoid this if I install my own copy of phpMyAdmin (in my webspace) or will the mod_security rules prevent that from working too?

Dang. The one-size-fits-all common phpMyAdmin install used to work so well until just a couple of months ago. It's certainly frustrating when something that worked for years gets broken like this.

You can install phpmyadmin into your own web area and avoid the mod_security rules.(I think I haven't done it personally so cannot vouch for it 100%).

The mod_security rules are catching you out since our copy of phpmyadmin are running on the same servers as the control panel.

If you run it in your account you skip this.


I was thinking phpmyadmin runs a lot better than it did a few months ago :P. It used to be horribly slow and its performance was spotty and inconsistent. It is much much better now.

You can install phpmyadmin into your own web area and avoid the mod_security rules.OK - sounds good. I'll be sure to give it a whirl.

And thanks again for your timely feedback!
omatic