I have a production server with apache2, php, mysql. I have just one site right now (mysite.com) as a virtual host. I want to put phpmyadmin, webalizer, and maybe webmin on there. So far, I installed phpmyadmin, and it works, but the whole internet can go to mysite.com/phpmyadmin.
How can I reduce the visibility to say 192.168.0.0/16 so it's just accessible to machines behind my firewall?
-
You would use a module in Apache called mod_access.
You can either configure it in your apache config file or within a .htaccess file in the directory's root.
Here's a short example:
    <Directory /your_folder/location>
        Order Deny,Allow
        Deny from all
        Allow from 123.123.123.123
    </Directory>
-
Use the <Location> directive (either in server configuration or, if it is allowed, in .htaccess). In there, you can use "Allow from" to deny access to everyone else except some certain source.
-
1) You can do it at the Webserver level.
Use allow/deny rules for apache. If you don't have direct access to your apache configuration file, you may use a .htaccess file.
    <Directory /docroot>
        Order Deny,Allow
        Deny from all
        Allow from 10.1.2.3
    </Directory>
2) You can do it at the application level using the phpmyadmin config file.
The configuration parameter is:
$cfg['Servers'][$i]['AllowDeny']['rules']
Examples of rules are:
    'all' -> 0.0.0.0/0
    'localhost' -> 127.0.0.1/8
    'localnetA' -> SERVER_ADDRESS/8
    'localnetB' -> SERVER_ADDRESS/16
    'localnetC' -> SERVER_ADDRESS/24
You can see this on the official phpMyAdmin configuration documentation.
http://www.phpmyadmin.net/documentation/#servers_allowdeny_order
Nick: I did option #2 with adding /usr/share/phpmyadmin to allow 192.168.0.0/16 and it seems to have worked. Thanks.
Adam Jaskiewicz: Option 2 is the way to go. Simpler, and I'd rather block it before it got to running any PHP period.
Wadih M.: Okay, I moved the Apache option in the first place.
Wadih M.: So that people don't get confused: for all comments earlier than that one, when they say option #2 they're actually referring to the Webserver option.
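Added example, not part of the original answers: a small Python model of how Apache 2.2 evaluates the Order/Allow/Deny directives used above, showing why "Deny from all" plus "Allow from 192.168.0.0/16" admits only internal clients, and what changes if Order is flipped or "Deny from all" is left out. The function names and sample client addresses are constructed for illustration; the model handles only "all", single IPs and CIDR blocks (no hostnames or partial addresses).

```python
import ipaddress

def _matches(client, specs):
    """True if client falls in any spec: 'all', a single IP, or a CIDR block."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def is_allowed(client, order, allow=(), deny=()):
    """Evaluate Apache 2.2 Order/Allow/Deny for one client IP."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is checked first, Allow can override it; no match at all -> allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first, Deny can override it; no match at all -> denied.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# The rule set from the answers, using the asker's internal range.
RULES = {"order": "Deny,Allow", "deny": ["all"], "allow": ["192.168.0.0/16"]}

# Constructed sample clients (203.0.113.7 is a documentation-only address).
SAMPLE_CLIENTS = ["192.168.1.50", "192.168.255.254", "10.1.2.3", "203.0.113.7"]

def report(rules, clients):
    """Map each client IP to True (served) or False (403)."""
    return {c: is_allowed(c, **rules) for c in clients}

if __name__ == "__main__":
    for client, ok in report(RULES, SAMPLE_CLIENTS).items():
        print(f"{client:16} {'allowed' if ok else '403 Forbidden'}")
    # Same directives with Order flipped: Deny from all now wins for everyone.
    flipped = dict(RULES, order="Allow,Deny")
    print("Allow,Deny:", report(flipped, SAMPLE_CLIENTS))
```

With "Order Deny,Allow" the default for an unmatched client is to allow, so the "Deny from all" line is what actually closes the directory to the internet.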