Description of problem: The phpMyAdmin package provides /etc/httpd/conf.d/phpMyAdmin.conf which sets up two global aliases, /phpMyAdmin and /phpmyadmin, that both point to /usr/share/phpMyAdmin. The config file also supplies a section that you can uncomment to make mod_security not block on requests with SQL. This section uses <LocationMatch "/phpMyAdmin/(.+)">. This means that when using /phpMyAdmin the mod_security customization is applied, but not when using the lower-case alias /phpmyadmin. This could be fixed by expanding the regex to also apply to phpmyadmin, but I believe the better fix is to just use <Directory /usr/share/phpMyAdmin> instead of the LocationMatch. The Apache documentation also recommends using the Directory directive: "Use <Location> to apply directives to content that lives outside the filesystem. For content that lives in the filesystem, use <Directory> and <Files>." Version-Release number of selected component (if applicable): 2.11.9.3-1 Patch: #<IfModule mod_security.c> -# <LocationMatch "/phpMyAdmin/(.+)"> +# <Directory /usr/share/phpMyAdmin> # SecRuleInheritance Off -# </LocationMatch> +# </Directory> #</IfModule>
Nils, thanks for your report. I know, what the mod_security part is for, I was the guy wanting to have it there long long time ago. I will take care of this with the next phpMyAdmin update which surely will come...
phpMyAdmin-3.1.0-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/phpMyAdmin-3.1.0-1.fc10
phpMyAdmin-3.1.0-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/phpMyAdmin-3.1.0-1.fc9
phpMyAdmin-3.1.0-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/phpMyAdmin-3.1.0-1.fc8
856 (phpMyAdmin): Build on target fedora-4-epel succeeded. 857 (phpMyAdmin): Build on target fedora-5-epel succeeded. Package: phpMyAdmin-3.1.0-1.fc11 Tag: dist-f11 Status: complete Built by: robert Package: phpMyAdmin-3.1.0-1.fc10 Tag: dist-f10-updates-candidate Status: complete Built by: robert Package: phpMyAdmin-3.1.0-1.fc9 Tag: dist-f9-updates-candidate Status: complete Built by: robert Package: phpMyAdmin-3.1.0-1.fc8 Tag: dist-f8-updates-candidate Status: complete Built by: robert
phpMyAdmin-3.1.0-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.1.0-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.1.0-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.