LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 07-29-2013, 02:39 AM   #1
andperry
LQ Newbie
 
Registered: Mar 2012
Location: Wirral, UK
Distribution: Ubuntu 12.04 Server
Posts: 8

Rep: Reputation: Disabled
Cannot Restrict phpMyAdmin Access


I am running Ubuntu 12.04 Server with a LAMP server installation. I want to restrict access to phpMyAdmin so that a root login can only be performed from within my local network. I have put the following lines of code into /etc/phpmyadmin/config.inc.php:-

Code:
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from 192.168.0/24',
'allow root from localhost'
)
;

To test that it works, I changed the allowed address to something NOT matching my local network and restarted the Apache service. Tried logging in expecting to be denied access, but was allowed in. Am I missing something?

Thanks,

Andrew.
 
Old 07-29-2013, 07:04 PM   #2
Linux MR
Member
 
Registered: May 2013
Distribution: Red Hat, Scientific, Fedora, openSuSE, Mageia, Mint, Arch
Posts: 57

Rep: Reputation: Disabled
Only thing I can point out is that your network will allow anything that starts with 192.168.[anything].[anything] and 127.0.0.1
Also in your above example you are missing the ending semi-colon ( ; ) which could be the issue.

Hope that gets you started...
 
Old 07-29-2013, 10:10 PM   #3
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 516

Rep: Reputation: 58
Quote:
'allow root from 192.168.0/24',
I don't know much about it but when you are defining an ip range you should use the standard syntax: xxx.xxx.xxx.0/24
 
Old 07-30-2013, 05:14 AM   #4
andperry
LQ Newbie
 
Registered: Mar 2012
Location: Wirral, UK
Distribution: Ubuntu 12.04 Server
Posts: 8

Original Poster
Rep: Reputation: Disabled
Many thanks for both replies. Made the suggested changes but still could not get it to work.

I've since discovered that it can be done in the file /etc/phpmyadmin/apache.conf by adding the following directives inside the <Directory /usr/share/phpmyadmin> block:-

Code:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/24
This is OK as it stands but the problem is that the restrictions are then applied to all phpMyAdmin users. Ideally I only wanted to place the restriction on the root user. Any further suggestions would therefore still be welcome.

Last edited by andperry; 07-30-2013 at 05:45 AM.
 
Old 07-30-2013, 07:19 AM   #5
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 516

Rep: Reputation: 58
OK this would be fine, allowing localhost first:

Code:
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
'deny root from all',
'allow root from localhost'
'allow root from 192.168.0/24',
);

How about checking with one ip address in "allow root from <ip>".

Another way which comes is setting up .htaccess file in your phpMyadmin dir:

Code:
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "Warning Protected Page"

<Files "[some_page.php]">
  Require valid-user
</Files>
and generating the htpasswd file for your user:

cd to the dir where you want to keep the .htpasswd file :

Code:
htpasswd -c .htpasswd [username]
restart the services and check if the page is protected, that ways you can restrict access for other users.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
restrict volume access expatCM Ubuntu 13 05-08-2007 04:49 AM
Restrict X server access using /etc/security/access.conf anand_kt Linux - General 0 04-22-2005 08:40 AM
Restrict access by IP waifurchin Linux - Security 3 02-02-2003 07:54 AM
How to restrict telnet access Lexx Linux - Security 7 02-27-2002 08:48 AM
Restrict directory access bdu Linux - Security 1 02-07-2002 12:13 PM


All times are GMT -5. The time now is 01:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration