Sunday, April 17, 2011

phpmyadmin security

I have a production server with apache2, php, mysql. I have just one site right now ( as a virtual host. I want to put phpmyadmin, webalizer, and maybe webmin on there. So far, I installed phpmyadmin, and it works but the whole internet can go to

How can I reduce the visibility to say so it's just accessible to machines behind my firewall?

From stackoverflow
  • You would use a module in Apache called mod_access

    You can either configure it in your apache config file or within a .htaccess file in the directory's root.

    Here's a short example

    <Directory /your_folder/location>
        Order Deny,Allow
        Deny from all
        Allow from
    </Directory>
  • Use the <Location> directive (either in server configuration or if it is allowed, in .htaccess). In there, you can use Allow from to deny access to everyone else except some certain source.

  • 1) You can do it at the Webserver level.

    Use allow/deny rules for apache. If you don't have direct access to your apache configuration file, you may use a .htaccess file.

    <Directory /docroot>
        Order Deny,Allow
        Deny from all
        Allow from
    </Directory>

    2) You can do it at the application level using the phpmyadmin config file.

    The configuration parameter is: $cfg['Servers'][$i]['AllowDeny']['rules']

    Examples of rules are:

    'all' ->
    'localhost' ->
    'localnetA' -> SERVER_ADDRESS/8
    'localnetB' -> SERVER_ADDRESS/16
    'localnetC' -> SERVER_ADDRESS/24

    You can see this on the official phpMyAdmin configuration documentation.

    Nick : I did option #2 with adding /usr/share/phpmyadmin to allow and it seems to have worked. Thanks.
    Adam Jaskiewicz : Option 2 is the way to go. Simpler, and I'd rather block it before it got to running any PHP period.
    Wadih M. : Okay, I moved the Apache option in the first place.
    Wadih M. : So that people don't get confused: for all comments earlier than that one, when they say option #2 they're actually referring to the Webserver option.
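
To see which clients an `Order Deny,Allow` rule set like the ones in the answers above actually lets through, the following added example (not part of the original post or of Apache) models the Order/Allow/Deny evaluation in Python. It is a simplified model that handles only `all`, single IPs and CIDR blocks; the network `192.168.1.0/24` and the function names are assumptions made for illustration.

```python
import ipaddress

def _matches(client, specs):
    """True if client falls in any spec: 'all', a single IP, or a CIDR block."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(client, order, allow=(), deny=()):
    """Evaluate an Order/Allow/Deny rule set for one client address."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    key = order.replace(" ", "").lower()
    if key == "deny,allow":
        # Deny is evaluated first, Allow overrides it; no match means allowed.
        return allowed or not denied
    if key == "allow,deny":
        # Allow is evaluated first, Deny overrides it; no match means denied.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

# Constructed sample: the answers' rule set with an assumed internal network.
LAN = "192.168.1.0/24"
RULES = dict(order="Deny,Allow", deny=["all"], allow=[LAN, "127.0.0.1"])

def audit(clients, **rules):
    """Map each client address to its allow/deny decision."""
    return {c: is_allowed(c, **rules) for c in clients}

if __name__ == "__main__":
    sample = ["192.168.1.20", "127.0.0.1", "203.0.113.9"]  # constructed addresses
    for client, ok in audit(sample, **RULES).items():
        print(client, "allowed" if ok else "denied")
    # Leaving out "Deny from all" keeps the directory open under Deny,Allow.
    print(is_allowed("203.0.113.9", "Deny,Allow", allow=[LAN]))
```

Under `Order Deny,Allow` a client that matches no rule is allowed, so the `Deny from all` line is what closes the directory to everyone outside the `Allow from` range.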

