getdoge1921 |
10-29-2020 10:37 AM |
Modifications for securing the phpMyAdmin are not visible on the website.com/phpmyadm
Hi
I want to secure www.mywebsite.com/myPhpAdmin link with extra security check and eventually allowing just an IP to have access to it.
I have in /etc/httpd/conf.d/ 2 files. One file phpMyAdmin.conf with a single line
# Disabled by ISPmanager
and in phpmyadmin.conf a file something like:
Alias /xxx /usr/share/phpMyAdmin/
<Directory /usr/share/phpMyAdmin>
AddDefaultCharset UTF-8
Options +FollowSymLinks +Multiviews +Indexes
AllowOverride All
AuthType basic
AuthName "Authentication Required"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user
<IfModule itk.c>
AssignUserID apache apache
</IfModule>
<IfModule mpm_itk_module>
AssignUserID apache apache
</IfModule>
Order allow,deny
Deny from all
Allow from MY-HOME-IP-ADDRESS
Options FollowSymLinks
DirectoryIndex index.php
<IfModule php5_module>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
<IfVersion >= 2.4>
# Bug on centos-7 with open_basedir restriction and doc/html/index.html check
php_flag error_reporting E_NONE
</IfVersion>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_admin_flag engine on
php_value include_path .
php_admin_value upload_tmp_dir /tmp
php_admin_value open_basedir "/usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/upload:/tmp/:/usr/share/php/:/var/lib/php/session/:/opt/php53/share/pear:/opt/php54/share/pear:/opt/php55/share/pear:/opt/php56/share/pear"
php_admin_value session.save_path "/var/lib/php/session"
php_admin_value mbstring.func_overload 0
</IfModule>
<IfModule php7_module>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
<IfVersion >= 2.4>
# Bug on centos-7 with open_basedir restriction and doc/html/index.html check
php_flag error_reporting E_NONE
</IfVersion>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_admin_flag engine on
php_value include_path .
php_admin_value upload_tmp_dir /tmp
php_admin_value open_basedir "/usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/:/tmp/:/usr/share/php/:/var/lib/php/session/:/opt/php70/share/pear:/opt/php71/share/pear:/opt/php72/share/pear:/opt/php73/share/pear:/opt/php74/share/pear:/usr/share/phpMyAdmin/doc/html"
php_admin_value session.save_path "/var/lib/php/session"
</IfModule>
RemoveHandler .php .php3 .php4 .phtml
<FilesMatch "\.ph(p[3-5]?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<IfVersion >= 2.4>
AllowOverride None
Require all granted
</IfVersion>
</Directory>
<Directory /usr/share/phpMyAdmin/setup>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
</IfModule>
I created in usr/share/phpMyAdmin even an .htaccess file with the following content
AuthType Basic
Authname "Restricted files"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user The problem is that any modifications done to this file, phpmyadmin.conf (other than the Apache tags where I saw that the modifications affect the website) are not actually seen in www.mywebsite.com/phpmyadmin link or in the-ip-adress/phpmyadmin link. No alias can be see, the window with the password set in /etc/phpMyAdmin/.htpasswd file is not visible and the phpMyAdmin can be accessed from all the IPs.
I have a dedicated server with Apache 2.4.6-93.el7.centos and all the packages were installed by a guy who can not help me anymore with any informations. Somewhere on the internet I read about copying the phpmyadmin file in other folder, for visibility in Ubuntu, but I didn't find any informations regarding modifications in Centos. I restarted the apache server after modifications done and nothing.
Where is the problem? What did I miss?
Thanks you for your kindness and help!
|