How do I deny PhpMyAdmin with http ?

cleroy61

cleroy61

Hi everybody,

http://www.some.site/phpmyadmin/ is running/working/logging, and I don't want it
https://www.some.site/phpmyadmin/ is running/working/logging, and It's OK

How do I deny PhpMyAdmin http access ?

I called a directory somesite match my domain name in /usr/local/www/somesite/.
I installed phpmyadmin in /usr/local/www I copied to /usr/local/www/somesite/phpMyAdmin
I'm saying that this is not a symbolic link!
I want to install in VirtualHost multiple domain names.
I configured my server with https.
I configured a file in the /usr/local/etc/apache22/Includes/phpmyadmin.conf directory.
its content is as follows:
# ee /usr/local/etc/apache22/Includes/phpmyadmin.conf

Code: 
Alias /phpmyadmin "/usr/local/www/somesite/phpMyAdmin/"
CustomLog /var/log/http/phpmyadmin-access_log combined
ErrorLog /var/log/http/phpmyadmin-error_log

<Directory "/usr/local/www/somesite/phpMyAdmin/">
        Options none
        AllowOverride All
        Order Allow,Deny
        Allow from All
</Directory>

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteCond %{REQUEST_URI} /phpmyadmin
        RewriteRule (.*) [url]https://www.some.site/phpmyadmin/[/url] [R]
</IfModule>

VirtualHost commad :

# httpd -S
Code: 
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          www.some.site (/usr/local/etc/apache22/extra/httpd-ssl.conf:74)
*:80                   is a NameVirtualHost
         default server www.some.site (/usr/local/etc/apache22/Includes/some.site.conf:2)
         port 80 namevhost www.some.site (/usr/local/etc/apache22/Includes/some.site.conf:2)
Syntax OK

Can you answer me, please ?

Thanks a lot for your help.

Have a nice day.

Best regards.

Christophe
 
Tried this?
Code: 
<VirtualHost *:80>
        ServerName www.some.site
        Redirect /phpmyadmin/ https://www.some.site/phpmyadmin/
</VirtualHost>
 
Thanks DutchDaemon,

I tried your suggestion and it works !
I'm going to try awstat or jawstat now
Thanks for your private message
I tried to follow these rules. I open your file now each I want posting
Have a nice day !
Christophe
 
@cleroy6,

Just a friendly advice. Posting this type of information on a public forum is like asking for hackers to play with you. If I were you I would delete this thread.

George
 
Thanks for your advice, I'm going to try to delete this thread but I don't know how ? I'm going looking for !
 
IMO, this thread has value for future guests / members. Do you need for phpMyAdmin to be accessible from anywhere in the world?
  • If so, put it behind HTTP digest authentication. (i.e. An outer authentication layer before they ever reach the phpMyAdmin login screen.)
  • If not, restrict access to it at the IP level, either using packet filtering or Apache web server access control.
 
@anomie,

sure it does but there are very good reasons not to reveal the url in a public forum.

@cleroy61,

you don't have to delete it. Just edit the first post and remove the http address.

Best to all
 
You must log in or register to reply here.
Back
Top