How do I restrict access to phpmyadmin?

By default, the phpMyAdmin interface is accessible from any IP address. You can restrict access to the application through the settings:

• network services in the control panel;
• Apache or Nginx web server.

Configuring network services

1. Enter Monitoring and logs → Network services.
2. Select the web server service:
3. Press Add rule.
4. Specify the rule settings:
5. Press Ok.

Web server configuration

Apache

1. Connect to the server with ISPmanager via SSH.
2. Open the phpMyAdmin configuration file:
   
   • CentOS — /etc/httpd/conf.d/phpmyadmin.conf;
     
   • Debian, Ubuntu — /etc/apache2/conf.d/phpmyadmin.conf.
     
3. Replace the strings

   Order allow,deny
   Allow from all

   with

   Order deny,allow
   Deny from all
   Allow from <permitted IP address or subnet>

   Note

   For the authentication settings to work correctly, add the IP address of the control panel to the list of permitted IP addresses.
4. Restart Apache:

   CentOS

   systemctl restart httpd

   Debian, Ubuntu

   systemctl restart apache2

Nginx

1. Connect to the server with ISPmanager via SSH.
2. Open the phpMyAdmin configuration file /etc/nginx/vhosts-includes/phpmyadmin.conf.
3. Add the following strings to the location /phpmyadmin section

   allow <permitted IP address or subnet>;
   deny all;

   Note

   For the authentication settings to work correctly, add the IP address of the control panel to the list of permitted IP addresses.

   Example of settings

   location /phpmyadmin {
   	alias /usr/share/phpMyAdmin;
   	index index.php;
   	allow 192.0.2.142;
       allow 192.168.1.0/24;
       deny all;
   }

4. Restart Nginx: 

   systemctl restart nginx