Web Moves Blog

Web Moves News and Information

18 Aug 2015

Restrict access to phpMyAdmin by IP

phpMyAdmin is a handy tool for administering MySQL from an easy-to-use web interface. However, leaving such a powerful tool open to the entire world can be downright dangerous and should be avoided if possible. Ultimately, it's best to keep it off your production server (or any other server you care about). If you absolutely must use phpMyAdmin, you should restrict who can access it. Below is a quick and easy tweak that only allows access to it from a specific IP address. This tweak assumes an Ubuntu LAMP stack, but it should work on any Linux distribution, although paths may be different.

Restricting access to phpMyAdmin on an Ubuntu LAMP stack

Under an Ubuntu LAMP install, phpMyAdmin adds an Apache vhost that makes it publicly available at http://yoursite.com/phpmyadmin.

Having the phpMyAdmin login publicly accessible is not a great idea, as bots look for this URL and continually pound on it, trying to gain access by exploiting security vulnerabilities. Luckily, we can disable this.

Under Ubuntu, the phpMyAdmin Apache conf file is located at: /etc/apache2/conf.d/phpmyadmin.conf

Simply add the following Order, Allow, Deny directives to make it available to localhost only.

The modified Apache config file is below.

After editing the file, make sure to restart Apache so the changes take effect.
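The following is an added example, not the configuration from the original post, showing one way to write the restriction so it works on both Apache 2.2 (Order/Allow/Deny) and Apache 2.4 (Require). Assumptions: phpMyAdmin is served from /usr/share/phpmyadmin under the /phpmyadmin alias, localhost stays allowed, and 123.123.123.123 is the post's placeholder for your own admin IP.

```apache
# Added example for /etc/apache2/conf.d/phpmyadmin.conf (not the original post's file).
# Assumption: the package serves phpMyAdmin from /usr/share/phpmyadmin.
# Keep the other lines your existing file already contains; the access-control
# blocks inside <Directory> are the part that matters here.

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    # Apache 2.4+: mod_authz_core replaces Order/Allow/Deny with Require.
    # Anything not matched by a Require line is refused with 403.
    <IfModule mod_authz_core.c>
        <RequireAny>
            Require ip 127.0.0.1
            Require ip ::1
            # Placeholder address from the post; replace with your admin IP.
            Require ip 123.123.123.123
        </RequireAny>
    </IfModule>

    # Apache 2.2: the Order/Deny/Allow directives the post refers to.
    # "Order Deny,Allow" evaluates Deny first, then lets Allow override it,
    # so everyone is denied except the addresses listed below.
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        Allow from ::1
        # Placeholder address from the post; replace with your admin IP.
        Allow from 123.123.123.123
    </IfModule>
</Directory>
```

Running `sudo apache2ctl configtest` before the restart catches syntax errors without taking the site down. If Apache sits behind a reverse proxy or load balancer, the address it sees is the proxy's, so an IP rule like this one will not match the real client unless the proxy setup passes the client address through.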

sudo service apache2 restart

That's all there is to it! Once Apache restarts, only visitors from 123.123.123.123 will be able to access phpMyAdmin. All other visitors will receive a 403 Forbidden response.