US: 1-941-4621-069
  
Cyprus: 3-572-2052-781

Go Back   ISPsystem.com Forums > ISPmanager > General technical discussion


Reply
 
Thread Tools
Old 10-29-2020, 10:37 AM   #1
Junior Member
 
Join Date: Oct 2020
Posts: 2
getdoge1921 is on a distinguished road
Default Modifications for securing the phpMyAdmin are not visible on the website.com/phpmyadm

Hi


I want to secure www.mywebsite.com/myPhpAdmin link with extra security check and eventually allowing just an IP to have access to it.

I have in /etc/httpd/conf.d/ 2 files. One file phpMyAdmin.conf with a single line

# Disabled by ISPmanager
and in phpmyadmin.conf a file something like:

Alias /xxx /usr/share/phpMyAdmin/

<Directory /usr/share/phpMyAdmin>
AddDefaultCharset UTF-8

Options +FollowSymLinks +Multiviews +Indexes
AllowOverride All
AuthType basic
AuthName "Authentication Required"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user

<IfModule itk.c>
AssignUserID apache apache
</IfModule>

<IfModule mpm_itk_module>
AssignUserID apache apache
</IfModule>

Order allow,deny
Deny from all
Allow from MY-HOME-IP-ADDRESS
Options FollowSymLinks
DirectoryIndex index.php

<IfModule php5_module>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
<IfVersion >= 2.4>
# Bug on centos-7 with open_basedir restriction and doc/html/index.html check
php_flag error_reporting E_NONE
</IfVersion>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_admin_flag engine on
php_value include_path .
php_admin_value upload_tmp_dir /tmp
php_admin_value open_basedir "/usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/upload:/tmp/:/usr/share/php/:/var/lib/php/session/:/opt/php53/share/pear:/opt/php54/share/pear:/opt/php55/share/pear:/opt/php56/share/pear"
php_admin_value session.save_path "/var/lib/php/session"
php_admin_value mbstring.func_overload 0
</IfModule>

<IfModule php7_module>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
<IfVersion >= 2.4>
# Bug on centos-7 with open_basedir restriction and doc/html/index.html check
php_flag error_reporting E_NONE
</IfVersion>
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_admin_flag engine on
php_value include_path .
php_admin_value upload_tmp_dir /tmp
php_admin_value open_basedir "/usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/:/tmp/:/usr/share/php/:/var/lib/php/session/:/opt/php70/share/pear:/opt/php71/share/pear:/opt/php72/share/pear:/opt/php73/share/pear:/opt/php74/share/pear:/usr/share/phpMyAdmin/doc/html"
php_admin_value session.save_path "/var/lib/php/session"
</IfModule>

RemoveHandler .php .php3 .php4 .phtml

<FilesMatch "\.ph(p[3-5]?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>

<IfVersion >= 2.4>
AllowOverride None
Require all granted
</IfVersion>

</Directory>

<Directory /usr/share/phpMyAdmin/setup>

<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>

<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
</IfModule>
I created in usr/share/phpMyAdmin even an .htaccess file with the following content
AuthType Basic
Authname "Restricted files"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user
The problem is that any modifications done to this file, phpmyadmin.conf (other than the Apache tags where I saw that the modifications affect the website) are not actually seen in www.mywebsite.com/phpmyadmin link or in the-ip-adress/phpmyadmin link. No alias can be see, the window with the password set in /etc/phpMyAdmin/.htpasswd file is not visible and the phpMyAdmin can be accessed from all the IPs.

I have a dedicated server with Apache 2.4.6-93.el7.centos and all the packages were installed by a guy who can not help me anymore with any informations. Somewhere on the internet I read about copying the phpmyadmin file in other folder, for visibility in Ubuntu, but I didn't find any informations regarding modifications in Centos. I restarted the apache server after modifications done and nothing.

Where is the problem? What did I miss?

Thanks you for your kindness and help!

Last edited by getdoge1921; 10-30-2020 at 05:56 AM.
getdoge1921 is offline   Reply With Quote
Old 10-30-2020, 05:57 AM   #2
Junior Member
 
Join Date: Oct 2020
Posts: 2
getdoge1921 is on a distinguished road
Default

The post can be closed.

The modifications were done in nginx folder and they worked.
getdoge1921 is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 04:37 AM.