Phpmyadmin Security

- 1 answer

I have a production server with apache2, php, mysql. I have just one site right now ( as a virtual host. I want to put phpmyadmin, webalizer, and maybe webmin on there. So far, I installed phpmyadmin, and it works but the whole internet can go to

How can I reduce the visibility to say so it's just accessible to machines behind my firewall?



1) You can do it at the Webserver level.

Use allow/deny rules for apache. If you don't have direct access to your apache configuration file, you may use a .htaccess file.

<Directory /docroot>
    Order Deny,Allow
    Deny from all
    Allow from

2) You can do it at the application level using the phpmyadmin config file.

The configuration parameter is: $cfg['Servers'][$i]['AllowDeny']['rules']

Examples of rules are:

'all' ->
'localhost' ->
'localnetA' -> SERVER_ADDRESS/8
'localnetB' -> SERVER_ADDRESS/16
'localnetC' -> SERVER_ADDRESS/24

You can see this on the official phpMyAdmin configuration documentation.