How to secure phpMyAdmin under CWP7

1. Open the PMA config file with your prefered editor
/usr/local/cwpsrv/var/services/pma/config.inc.php

2. add the following lines at the bottom

Code: [Select]

$cfg['ForceSSL'] = true;
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(

        // deny everyone by default
        'deny % from all',

        // allow all users from the local system
        'allow % from localhost',
        'allow % from 127.0.0.1',
        'allow % from ::1',

        // allow all users from the server IP (commented out)
        'allow % from YOUR_SERVER_ADDRESS.',

        // allow user root from local system
        'allow root from localhost',
        'allow root from 127.0.0.1',
        'allow root from ::1',

        // allow user root from local network/pc
        'allow root from YOUR_IP_ADDRESS/32',

        // add more usernames and their IP (or IP ranges) here -
);
3. replace the placeholders with your IP's
YOUR_SERVER_ADDRESS
YOUR_IP_ADDRESS

4. save, close and restart Apache

Code: [Select]

systemctl restart httpd
5. done.
You can test the setting if you comment out the line: 'allow root from YOUR_IP_ADDRESS/32',
and then try to login as root from your PC, or (leave it and) try to login from another IP as root.
You should then see a red message box saying: "Acces denied"

If  your local IP address is dynamic, I would NOT recommend this setting, otherwise you have to change  YOUR_IP_ADDRESS inside config.inc.php every now and then.

All the best,
Ben

Source: https://stackoverflow.com/questions/2631269/how-to-secure-phpmyadmin

That's helpful tutorial, thanks for sharing.

I have tried but this is not working, can any one suggest a solution as per latest version of CWP.