Author Topic: How to secure phpMyAdmin under CWP7  (Read 3823 times)

0 Members and 1 Guest are viewing this topic.

How to secure phpMyAdmin under CWP7
« on: January 27, 2018, 01:27:20 PM »
1. Open the PMA config file with your prefered editor

2. add the following lines at the bottom
Code: [Select]
$cfg['ForceSSL'] = true;
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(

        // deny everyone by default
        'deny % from all',

        // allow all users from the local system
        'allow % from localhost',
        'allow % from',
        'allow % from ::1',

        // allow all users from the server IP (commented out)
        'allow % from YOUR_SERVER_ADDRESS.',

        // allow user root from local system
        'allow root from localhost',
        'allow root from',
        'allow root from ::1',

        // allow user root from local network/pc
        'allow root from YOUR_IP_ADDRESS/32',

        // add more usernames and their IP (or IP ranges) here -

3. replace the placeholders with your IP's

4. save, close and restart Apache
Code: [Select]
systemctl restart httpd
5. done.
You can test the setting if you comment out the line: 'allow root from YOUR_IP_ADDRESS/32',
and then try to login as root from your PC, or (leave it and) try to login from another IP as root.
You should then see a red message box saying: "Acces denied"

If  your local IP address is dynamic, I would NOT recommend this setting, otherwise you have to change  YOUR_IP_ADDRESS inside every now and then.

All the best,


Re: How to secure phpMyAdmin under CWP7
« Reply #1 on: January 28, 2018, 12:05:11 AM »
That's helpful tutorial, thanks for sharing. :)
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !!