Secure phpmyadmin

Dear,

I’m new here and it’s my first time using Hestia, a very nice CP. Now I want to secure “phpmyadmin”: my target is to block loading phpmyadmin from https://www.example.com/phpmyadmin.
Is there an easy way?
Best regards

G.

You can edit /etc/apache2/conf.d/phpmyadmin.inc and add Apache Basic Auth to it.
For example, find this line:

<Directory /usr/share/phpmyadmin>
	Options FollowSymLinks

And insert lines like this, changing the location of AuthUserFile accordingly:

<Directory /usr/share/phpmyadmin>
        AuthType Basic
        AuthName Private
        Require valid-user
        AuthUserFile /etc/apache2/phpmyadmin.passwd
        Options FollowSymLinks

One problem is that the file sometimes gets overwritten, so you have to monitor that and reinsert if it disappears.

Oh, yes, and generate the password file with htpasswd:
htpasswd -c /etc/apache2/phpmyadmin.passwd username
You can add several user/password combinations to the same file.

1 Like
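
The reply above notes that phpmyadmin.inc sometimes gets overwritten and the Basic Auth lines have to be reinserted. One way to automate that check, as an added example that is not part of the original post or of Hestia itself; the function names, the `--run` switch and the reload step via `apachectl`/`systemctl` are assumptions of this sketch:

```sh
#!/bin/sh
# Added example (not Hestia's own tooling): keep the Basic Auth directives
# from the post above in place when phpmyadmin.inc gets overwritten.
PMA_CONF="${PMA_CONF:-/etc/apache2/conf.d/phpmyadmin.inc}"
PMA_PASSWD="${PMA_PASSWD:-/etc/apache2/phpmyadmin.passwd}"
PMA_DIR_LINE='<Directory /usr/share/phpmyadmin>'

# 0 if that <Directory> block contains an active "Require valid-user".
pma_auth_present() {
    awk -v dirline="$PMA_DIR_LINE" '
        index($0, dirline)        { inblk = 1; next }
        inblk && /<\/Directory>/  { inblk = 0 }
        inblk && /^[ \t]*Require[ \t]+valid-user/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Insert the four directives after the opening <Directory> line. The result
# is built in a temp file first so a failed awk never truncates the config.
pma_auth_insert() {
    _tmp="$(mktemp)" || return 1
    awk -v dirline="$PMA_DIR_LINE" -v pw="$PMA_PASSWD" '
        { print }
        index($0, dirline) && !ins {
            print "        AuthType Basic"
            print "        AuthName Private"
            print "        Require valid-user"
            print "        AuthUserFile " pw
            ins = 1
        }
    ' "$1" > "$_tmp" && cat "$_tmp" > "$1"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# 0: protected (already, or after repair); 2: <Directory> line not found.
pma_auth_ensure() {
    pma_auth_present "$1" && return 0
    grep -qF "$PMA_DIR_LINE" "$1" || return 2
    pma_auth_insert "$1" && pma_auth_present "$1"
}

# Cron entry point: "--run" is this script's own (hypothetical) switch.
if [ "${1:-}" = "--run" ]; then
    pma_auth_present "$PMA_CONF" && exit 0
    pma_auth_ensure "$PMA_CONF" && apachectl configtest && systemctl reload apache2
fi
```

The password file named in `AuthUserFile` must already exist (created with `htpasswd` as described above); the script only restores the directives, not the credentials.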

Or just remove that file to prevent phpmyadmin loading :).

1 Like

Or remove it from any template that you don’t want…

For Hestiacp.com I have created “nophpmyadmin” that doesn’t load the template…

#=======================================================================#
# Default Web Domain Template                                           #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
#=======================================================================#

<VirtualHost %ip%:%web_port%>

    ServerName %domain_idn%
    %alias_string%
    ServerAdmin %email%
    DocumentRoot %docroot%
    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
    Alias /vstats/ %home%/%user%/web/%domain%/stats/
    Alias /error/ %home%/%user%/web/%domain%/document_errors/
    #SuexecUserGroup %user% %group%
    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
    CustomLog /var/log/%web_system%/domains/%domain%.log combined
    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
        
    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
    
    <Directory %home%/%user%/web/%domain%/stats>
        AllowOverride All
    </Directory>
    <Directory %sdocroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
</VirtualHost>

2 Likes

Hi All,

Thank you for the replies and help. I’m using the “ScIT” solution and renaming /etc/apache2/conf.d/phpmyadmin.inc;
for me it is an easy solution, but I understand other solutions may be better, e.g. I want to load phpmyadmin only from my network.
Thank you again.
Best regards

G.

1 Like
