Restrict access to phpMyAdmin
Why
By default, the phpMyAdmin interface is accessible from any IP address, so web access is often restricted.
Instructions
You can restrict access to the phpMyAdmin web app in two ways:
- through control panel network services;
- through the Apache or Nginx web server.
Configuring network services
Note
With this method, access to all web server sites will be restricted.
- Go to Monitoring and Logs → Network Services;
- Select the web server service:
- httpd - if using Apache;
- nginx - if using Nginx.
- Click the “Add Rule” button;
- Specify the rule settings:
- In the “Action” field - “Partially Allow”.
- Enable the “Deny access to all” option.
- Enter the IP address or network from which you want to allow access in the “Trusted IP Addresses” field.
- Click the “Ok” button.
Configuring the web server
Configuring Apache
- Connect to the server via SSH;
- Open the phpMyAdmin configuration file at:
- For RHEL-based systems - /etc/httpd/conf.d/phpmyadmin.conf;
- For Debian-based systems - /etc/apache2/conf.d/phpmyadmin.conf.
- Change the “Order” and “Allow” parameters, and add the “Deny” parameter as follows:
Order deny,allow
Deny from all
Allow from <required-ip-address-or-subnet>
After making these changes, reboot the web server:
On RHEL-based systems:systemctl restart httpd
On Debian-based systems:systemctl restart apache2
Note
To ensure the authorization settings work correctly, add the control panel IP address to the list of allowed IP addresses.
Configuring Nginx
- Connect to the server via SSH;
- Open the phpMyAdmin configuration file at “/etc/nginx/vhosts-includes/phpmyadmin.conf”;
- Add the following lines to the “location /phpmyadmin” section:
allow <required-ip-address-or-subnet>;
deny all;After making these changes, reboot the web server:
systemctl restart nginx
Note
To ensure the authorization settings work correctly, add the IP address of the control panel to the list of allowed IP addresses.