How To Restrict phpMyAdmin By IP Address
PhpMyAdmin is a great easy to use web admin interface for your mysql databases. The one down side is it can be a security threat. Seems like many bots on the internet just go looking for phpmyadmin installed on web servers. Then run automated attacks.
If you have logwatch installed you may often see many failed attemtps.
To add an extra layer of security you can prevent any one from accessing phpMyAdmin except by defined IP address. We will be setting this up on an Ubuntu 11.04 Server.
Before we begin we will need to know the IP Address that you will be using to connect to phpmyadmin. If the server you are going to be accessing is hosted or on another network you can use http://whatismyip.com to find your external address. If your server is only being accessed from your internal network you can use some of the following MixedUpEric articles on how to find your internal IP address.
Login to your server at the console or using SSH to connect to it remotely.
The file we will be editing is /etc/apache2/conf.d/phpmyadmin.conf. In this example I am going to use command line text editor nano to keep things simple. If you preffer to use another text editor like vim or emacs feel free to do so.
sudo nano /etc/apache2/conf.d/phpmyadmin.conf
Enter your password
Add the following code.
Note: Remove the "#" from the from of the thrid line and replace ENTER.YOUR.IP.ADDRESS with the IP address you wish to allow.
Make sure the file name is /etc/apache2/conf.d/phpmyadmin.conf and hit enter to overwrite it.
Now lets restart apache.
sudo /etc/init.d/apache2 restart
Now test it out. You can always remove or comment out yout IP address to make sure it is blocked and then add it back in.
Here is an example if I try and access phpmyadmin from an IP address that is not added.
If the IP address has been added the user should see the login page.
If you are looking for another layer of security for your web server check out OSSEC.
If you enjoyed this post, please share it on your favorite social network by clicking on the “Share / Save” bar below.