ISPsystem.com Forums

ISPsystem.com Forums (http://forum.ispsystem.com//index.php)
-   General technical discussion (http://forum.ispsystem.com//forumdisplay.php?f=8)
-   -   Modifications for securing the phpMyAdmin are not visible on the website.com/phpmyadm (http://forum.ispsystem.com//showthread.php?t=3154)

getdoge1921 10-29-2020 10:37 AM

Modifications for securing the phpMyAdmin are not visible on the website.com/phpmyadm
 
Hi


I want to secure www.mywebsite.com/myPhpAdmin link with extra security check and eventually allowing just an IP to have access to it.

I have in /etc/httpd/conf.d/ 2 files. One file phpMyAdmin.conf with a single line

# Disabled by ISPmanager
and in phpmyadmin.conf a file something like:

Alias /xxx /usr/share/phpMyAdmin/

<Directory /usr/share/phpMyAdmin>
AddDefaultCharset UTF-8

Options +FollowSymLinks +Multiviews +Indexes
AllowOverride All
AuthType basic
AuthName "Authentication Required"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user

<IfModule itk.c>
AssignUserID apache apache
</IfModule>

<IfModule mpm_itk_module>
AssignUserID apache apache
</IfModule>

Order allow,deny
Deny from all
Allow from MY-HOME-IP-ADDRESS
Options FollowSymLinks
DirectoryIndex index.php

<IfModule php5_module>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
<IfVersion >= 2.4>
# Bug on centos-7 with open_basedir restriction and doc/html/index.html check
php_flag error_reporting E_NONE
</IfVersion>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_admin_flag engine on
php_value include_path .
php_admin_value upload_tmp_dir /tmp
php_admin_value open_basedir "/usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/upload:/tmp/:/usr/share/php/:/var/lib/php/session/:/opt/php53/share/pear:/opt/php54/share/pear:/opt/php55/share/pear:/opt/php56/share/pear"
php_admin_value session.save_path "/var/lib/php/session"
php_admin_value mbstring.func_overload 0
</IfModule>

<IfModule php7_module>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
<IfVersion >= 2.4>
# Bug on centos-7 with open_basedir restriction and doc/html/index.html check
php_flag error_reporting E_NONE
</IfVersion>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_admin_flag engine on
php_value include_path .
php_admin_value upload_tmp_dir /tmp
php_admin_value open_basedir "/usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/:/tmp/:/usr/share/php/:/var/lib/php/session/:/opt/php70/share/pear:/opt/php71/share/pear:/opt/php72/share/pear:/opt/php73/share/pear:/opt/php74/share/pear:/usr/share/phpMyAdmin/doc/html"
php_admin_value session.save_path "/var/lib/php/session"
</IfModule>

RemoveHandler .php .php3 .php4 .phtml

<FilesMatch "\.ph(p[3-5]?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>

<IfVersion >= 2.4>
AllowOverride None
Require all granted
</IfVersion>

</Directory>

<Directory /usr/share/phpMyAdmin/setup>

<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>

<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
</IfModule>
I created in usr/share/phpMyAdmin even an .htaccess file with the following content
AuthType Basic
Authname "Restricted files"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user
The problem is that any modifications done to this file, phpmyadmin.conf (other than the Apache tags where I saw that the modifications affect the website) are not actually seen in www.mywebsite.com/phpmyadmin link or in the-ip-adress/phpmyadmin link. No alias can be see, the window with the password set in /etc/phpMyAdmin/.htpasswd file is not visible and the phpMyAdmin can be accessed from all the IPs.

I have a dedicated server with Apache 2.4.6-93.el7.centos and all the packages were installed by a guy who can not help me anymore with any informations. Somewhere on the internet I read about copying the phpmyadmin file in other folder, for visibility in Ubuntu, but I didn't find any informations regarding modifications in Centos. I restarted the apache server after modifications done and nothing.

Where is the problem? What did I miss?

Thanks you for your kindness and help!

getdoge1921 10-30-2020 05:57 AM

The post can be closed.

The modifications were done in nginx folder and they worked.


All times are GMT +2. The time now is 04:36 PM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2021, vBulletin Solutions, Inc.