How To Restrict phpMyAdmin By IP Address

phpMyAdmin is a great, easy-to-use web admin interface for your MySQL databases. The one downside is that it can be a security threat. Many bots on the internet go looking for phpMyAdmin installed on web servers and then run automated attacks against it.

If you have logwatch installed, you may often see many failed attempts.

 

 

 

 

Example of phpMyAdmin attempts - Secure your phpmyadmin install by IP address

 

 

To add an extra layer of security, you can prevent anyone from accessing phpMyAdmin except from defined IP addresses. We will be setting this up on an Ubuntu 11.04 server.

 

Before we begin, we need to know the IP address that you will be using to connect to phpMyAdmin. If the server you are going to be accessing is hosted or on another network, you can use http://whatismyip.com to find your external address. If your server is only being accessed from your internal network, you can use the following MixedUpEric articles on how to find your internal IP address.

How To Find Your IP Address On A Windows System

How To Find Your IP Address On A Linux System

 

Log in to your server at the console, or use SSH to connect to it remotely.

The file we will be editing is /etc/apache2/conf.d/phpmyadmin.conf. In this example I am going to use the command-line text editor nano to keep things simple. If you prefer to use another text editor like vim or emacs, feel free to do so.

sudo nano /etc/apache2/conf.d/phpmyadmin.conf

 

 

Edit /etc/apache2/conf.d/phpmyadmin.conf file with nano text editor

 

 

Enter your password

 

 

Enter your password so you can edit phpmyadmin.conf

 

 

Add the following code.

Note: Remove the "#" from the front of the third line and replace ENTER.YOUR.IP.ADDRESS with the IP address you wish to allow.

 

Order Allow,Deny
Allow from 127.0.0.1
#Allow from ENTER.YOUR.IP.ADDRESS
 
 
For example if I wanted to allow the IP address 192.168.96.120 it would look like the following.
 
 
 
Add the IP addresses you wish to allow access to phpmyadmin
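
As an added example (not part of the original article), this Python model shows how Apache 2.2 evaluates the block above under Order Allow,Deny once 192.168.96.120 is uncommented: a client must match an Allow line and must not match a Deny line, and everything else is refused. The function names and the test addresses other than 127.0.0.1 and 192.168.96.120 are made up for illustration.

```python
import ipaddress

# Constructed sample: the article's block with the third line filled in for
# 192.168.96.120, plus a still-commented placeholder to show it is ignored.
CONF = """\
Order Allow,Deny
Allow from 127.0.0.1
Allow from 192.168.96.120
#Allow from ENTER.YOUR.IP.ADDRESS
"""

def parse_rules(conf_text):
    """Return (allow, deny) lists holding ip_network objects or 'all'."""
    rules = {"allow": [], "deny": []}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines grant nothing
        words = line.split()
        kind = words[0].lower()
        if kind in rules and len(words) >= 3 and words[1].lower() == "from":
            for spec in words[2:]:
                if spec.lower() == "all":
                    rules[kind].append("all")
                else:
                    # Simplified model: full addresses and CIDR ranges only;
                    # partial IPs and hostnames raise ValueError here.
                    rules[kind].append(ipaddress.ip_network(spec, strict=False))
    return rules["allow"], rules["deny"]

def matches(client, specs):
    """True if the client address falls inside any of the given specs."""
    addr = ipaddress.ip_address(client)
    return any(s == "all" or addr in s for s in specs)

def is_allowed(client, conf_text=CONF):
    """Order Allow,Deny (assumed): default deny, Allow first, Deny overrides."""
    allow, deny = parse_rules(conf_text)
    return matches(client, allow) and not matches(client, deny)

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.96.120", "192.168.96.121", "203.0.113.50"):
        verdict = "login page" if is_allowed(ip) else "403 Forbidden"
        print(f"{ip:16} -> {verdict}")
```

This models the Apache 2.2 syntax used in this article; Apache 2.4 replaces these directives with Require ip.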
 
 
 
 
Save your changes by hitting CTRL + X to exit
 
Enter Y to save changes
 

 

 

In Nano Text editor hit CTRL + X to exit

 

Make sure the file name is /etc/apache2/conf.d/phpmyadmin.conf and hit enter to overwrite it. 

 

 

Confirm the name is correct and not a temp file. Then hit enter - File: /etc/apache2/conf.d/phpmyadmin.conf

 

 

Now let's restart Apache.

sudo /etc/init.d/apache2 restart

 

 

Restart apache with the following command /etc/init.d/apache2 restart

 

 

Now test it out. You can always remove or comment out your IP address to make sure it is blocked and then add it back in.

 

Here is an example of what happens if I try to access phpMyAdmin from an IP address that has not been added.

 

 

Example of being denied to phpmyadmin because IP address has not been added to the phpmyadmin.conf file

 

 

If the IP address has been added the user should see the login page. 

 

 

If the IP address was added to the allow list the user should see the login page for phpmyadmin

 

 

If you are looking for another layer of security for your web server, check out OSSEC.
