Author Topic: How to secure phpMyAdmin under CWP7  (Read 838 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to secure phpMyAdmin under CWP7
« on: January 27, 2018, 01:27:20 PM »
1. Open the PMA config file with your prefered editor
/usr/local/cwpsrv/var/services/pma/config.inc.php

2. add the following lines at the bottom
Code: [Select]
$cfg['ForceSSL'] = true;
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(

        // deny everyone by default
        'deny % from all',

        // allow all users from the local system
        'allow % from localhost',
        'allow % from 127.0.0.1',
        'allow % from ::1',

        // allow all users from the server IP (commented out)
        'allow % from YOUR_SERVER_ADDRESS.',

        // allow user root from local system
        'allow root from localhost',
        'allow root from 127.0.0.1',
        'allow root from ::1',

        // allow user root from local network/pc
        'allow root from YOUR_IP_ADDRESS/32',

        // add more usernames and their IP (or IP ranges) here -
);

3. replace the placeholders with your IP's
YOUR_SERVER_ADDRESS
YOUR_IP_ADDRESS

4. save, close and restart Apache
Code: [Select]
systemctl restart httpd
5. done.
You can test the setting if you comment out the line: 'allow root from YOUR_IP_ADDRESS/32',
and then try to login as root from your PC, or (leave it and) try to login from another IP as root.
You should then see a red message box saying: "Acces denied"

If  your local IP address is dynamic, I would NOT recommend this setting, otherwise you have to change  YOUR_IP_ADDRESS inside config.inc.php every now and then.

All the best,
Ben

Source: https://stackoverflow.com/questions/2631269/how-to-secure-phpmyadmin

Offline
***
Re: How to secure phpMyAdmin under CWP7
« Reply #1 on: January 28, 2018, 12:05:11 AM »
That's helpful tutorial, thanks for sharing. :)
https://www.24x7servermanagement.com/
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!