All geek questions in one place

Phpmyadmin security

I have a production server with apache2, php, mysql. I have only one site right now (mysite.com) as a virtual host. I want to put phpmyadmin, webalizer, and possibly webmin. So far I have installed phpmyadmin and it works, but the whole internet can go to mysite.com/phpmyadmin

How can I reduce visibility to say 192.168.0.0/16, so it is just accessible to the machines behind my firewall?

+3
source share
3 answers

1) You can do this at the web server level.

Use allow / deny rules for apache. If you do not have direct access to your apache configuration file, you can use the .htaccess file.

<Directory /docroot>
    Order Deny,Allow
    Deny from all
    Allow from 10.1.2.3
</Directory>

2) , phpmyadmin.

: $cfg['Servers'][$i]['AllowDeny']['rules']

:

'all' -> 0.0.0.0/0
'localhost' -> 127.0.0.1/8
'localnetA' -> SERVER_ADDRESS/8
'localnetB' -> SERVER_ADDRESS/16
'localnetC' -> SERVER_ADDRESS/24

phpMyAdmin.

http://www.phpmyadmin.net/documentation/#servers_allowdeny_order

+7

Apache, mod_access

apache .htaccess .

<Directory /your_folder/location>
    Order Deny,Allow
    Deny from all
   Allow from 123.123.123.123
</Directory>
+1

Use the <Location> directive (either in the server configuration, or if allowed, in .htaccess). There you can use Allow fromto deny access to everything else except some specific source.

0
source

Source: https://habr.com/ru/post/1705799/

More articles:


All Articles