LinuxQuestions.org


andperry 07-29-2013 02:39 AM

Cannot Restrict phpMyAdmin Access
 
I am running Ubuntu 12.04 Server with a LAMP server installation. I want to restrict access to phpMyAdmin so that a root login can only be performed from within my local network. I have put the following lines of code into /etc/phpmyadmin/config.inc.php:-

Code:

$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from 192.168.0/24',
'allow root from localhost'
)

;

To test that it works, I changed the allowed address to something NOT matching my local network and restarted the Apache service. Tried logging in expecting to be denied access, but was allowed in. Am I missing something?

Thanks,

Andrew.

Linux MR 07-29-2013 07:04 PM

Only thing I can point out is that your network will allow anything that starts with 192.168.[anything].[anything] and 127.0.0.1.
Also, in your above example you are missing the ending semicolon ( ; ), which could be the issue.

Hope that gets you started...

SAbhi 07-29-2013 10:10 PM

Quote:

'allow root from 192.168.0/24',
I don't know much about it, but when you are defining an IP range you should use the standard syntax: xxx.xxx.xxx.0/24

andperry 07-30-2013 05:14 AM

Many thanks for both replies. Made the suggested changes but still could not get it to work.

I've since discovered that it can be done in the file /etc/phpmyadmin/apache.conf by adding the following directives inside the <Directory /usr/share/phpmyadmin> block:-

Code:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/24

This is OK as it stands but the problem is that the restrictions are then applied to all phpMyAdmin users. Ideally I only wanted to place the restriction on the root user. Any further suggestions would therefore still be welcome.

SAbhi 07-30-2013 07:19 AM

OK this would be fine, allowing localhost first:

Code:

$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from localhost',
'allow root from 192.168.0.0/24'
);


How about checking with one IP address in "allow root from <ip>"?

Another way that comes to mind is setting up an .htaccess file in your phpMyAdmin dir:

Code:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "Warning Protected Page"

<Files "[some_page.php]">
  Require valid-user
</Files>

and generating the htpasswd file for your user:

cd to the dir where you want to keep the .htpasswd file:

Code:

htpasswd -c .htpasswd [username]

Restart the services and check if the page is protected; that way you can restrict access for other users.
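
A small model of the AllowDeny rules discussed in this thread, added here as an illustration and not part of any post or of phpMyAdmin's own code: it evaluates the documented 'deny,allow' and 'allow,deny' orders for a given user and client address, and flags masks that are not valid CIDR, such as 192.168.0/24. It handles only 'all', 'localhost' and CIDR or single-address masks (not the wildcard or range forms), assumes a malformed mask matches nothing, and its function and constant names are made up for the example.

```python
import ipaddress
import re

# Rule shape per phpMyAdmin's documentation: <allow|deny> <user> [from] <ipmask>
RULE_RE = re.compile(r"^(allow|deny)\s+(\S+)\s+(?:from\s+)?(\S+)$", re.I)
ALIASES = {"all": "0.0.0.0/0", "localhost": "127.0.0.0/8"}

# Rules as first posted in the thread, and the same set with a four-octet CIDR.
POSTED = ["deny root from all", "allow root from 192.168.0/24",
          "allow root from localhost"]
FIXED = ["deny root from all", "allow root from 192.168.0.0/24",
         "allow root from localhost"]


def parse_rule(rule):
    """Return (action, user, network); network is None if the mask is malformed."""
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unparseable rule: {rule!r}")
    action, user, mask = m.group(1).lower(), m.group(2), m.group(3).lower()
    try:
        net = ipaddress.ip_network(ALIASES.get(mask, mask), strict=False)
    except ValueError:
        net = None  # e.g. '192.168.0/24': three octets is not a valid CIDR base
    return action, user, net


def lint(rules):
    """List the rules whose address mask this model cannot interpret."""
    return [r for r in rules if parse_rule(r)[2] is None]


def is_allowed(rules, user, ip, order="deny,allow"):
    """Decide one login under the 'deny,allow' or 'allow,deny' order."""
    addr = ipaddress.ip_address(ip)
    hit = {"allow": False, "deny": False}
    for action, rule_user, net in map(parse_rule, rules):
        # Assumption of this model: a malformed mask never matches anything.
        if rule_user in ("%", user) and net is not None and addr in net:
            hit[action] = True
    if order == "deny,allow":      # allowed by default, allow overrides deny
        return hit["allow"] or not hit["deny"]
    if order == "allow,deny":      # denied by default, deny overrides allow
        return hit["allow"] and not hit["deny"]
    raise ValueError(f"unsupported order: {order!r}")
```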

