Restrict access to phpMyAdmin
Why
By default, the phpMyAdmin interface is accessible from any IP address, so web access is often restricted.
Instructions
You can restrict access to the phpMyAdmin web app in two ways:
- through control panel network services;
- through the Apache or Nginx web server.
Configuring network services
With this method, access to all web server sites will be restricted.
- Go to Monitoring and Logs - Network Services;
- Select the web server service:
- httpd - if using Apache;
- nginx - if using Nginx.
- Click the Add Rule button;
- Specify the rule settings:
- In the Action field - Partially Allow.
- Enable the Deny access to all option.
- Enter the IP address or network from which you want to allow access in the Trusted IP Addresses field.
- Click the Ok button.
Configuring the web server
Configuring Apache
- Connect to the server via SSH;
- Open the phpMyAdmin configuration file at:
- For RHEL-based systems -
/etc/httpd/conf.d/phpmyadmin.conf
; - For Debian-based systems -
/etc/apache2/conf.d/phpmyadmin.conf
.
- For RHEL-based systems -
- Change the
Order
andAllow
parameters, and add theDeny
parameter as follows:
Order deny,allow
Deny from all
Allow from IP_ADDRESS_OR_SUBNET
After making these changes, reboot the web server:
On RHEL-based systems:
systemctl restart httpd
On Debian-based systems:
systemctl restart apache2
To ensure the authorization settings work correctly, add the control panel IP address to the list of allowed IP addresses.
Configuring Nginx
- Connect to the server via SSH;
- Open the phpMyAdmin configuration file at
/etc/nginx/vhosts-includes/phpmyadmin.conf
; - Add the following lines to the
location /phpmyadmin
section:
allow IP_ADDRESS_OR_SUBNET;
deny all;
After making these changes, reboot the web server:
systemctl restart nginx
To ensure the authorization settings work correctly, add the IP address of the control panel to the list of allowed IP addresses.