Cannot Restrict phpMyAdmin Access

andperry · 07-29-2013, 02:39 AM

I am running Ubuntu 12.04 Server with a LAMP server installation. I want to restrict access to phpMyAdmin so that a root login can only be performed from within my local network. I have put the following lines of code into /etc/phpmyadmin/config.inc.php:-

Code:

$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from 192.168.0/24',
'allow root from localhost'
)

;

To test that it works, I changed the allowed address to something NOT matching my local network and restarted the Apache service. Tried logging in expecting to be denied access, but was allowed in. Am I missing something?

Thanks,

Andrew.

Linux MR · 07-29-2013, 07:04 PM

Only thing I can point out is that your network will allow anything that starts with 192.168.[anything].[anything] and 127.0.0.1
Also in your above example you are missing the ending semi-colon ( ; ) which could be the issue.

Hope that gets you started...

SAbhi · 07-29-2013, 10:10 PM

Quote:

'allow root from 192.168.0/24',

I don't know much about it but when you are defining an ip range you should use the standard syntax: xxx.xxx.xxx.0/24

andperry · 07-30-2013, 05:14 AM

Many thanks for both replies. Made the suggested changes but still could not get it to work.

I've since discovered that it can be done in the file /etc/phpmyadmin/apache.conf by adding the following directives inside the <Directory /usr/share/phpmyadmin> block:-

Code:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/24

This is OK as it stands but the problem is that the restrictions are then applied to all phpMyAdmin users. Ideally I only wanted to place the restriction on the root user. Any further suggestions would therefore still be welcome.

SAbhi · 07-30-2013, 07:19 AM

OK this would be fine, allowing localhost first:

Code:

$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from localhost'
'allow root from 192.168.0/24',
);

How about checking with one ip address in "allow root from <ip>".

Another way which comes is setting up .htaccess file in your phpMyadmin dir:

Code:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "Warning Protected Page"

<Files "[some_page.php]">
  Require valid-user
</Files>

and generating the htpasswd file for your user:

cd to the dir where you want to keep the .htpasswd file :

Code:

htpasswd -c .htpasswd [username]

restart the services and check if the page is protected, that ways you can restrict access for other users.