1

I'm wanting to limit access to several things like PHPMyAdmin to users who are logged in and using SOCKS. To do that I'd like to make a virtual host in Apache. I'm guessing that the basic steps are to setup a vhost as normal and then put an entry in the server's hosts to point that domain home, but I'm unsure as to how to restrict the actual vhost to such users. Pretty typical Ubuntu server, LAMP stack, installed on a VPS. Having removed some of the unimportant things, I've been setting up VHosts using:

<VirtualHost *:80>
  ServerName  example.com
  ServerAlias www.example.com

  DirectoryIndex index.html index.php
  DocumentRoot /home/user/public_html/example.com/public
</VirtualHost>

Just to be clear, I'm ideally not looking to just limit the IPs a user can be from unless my desired method is more or less impossible to do.

46Bit
  • 113
  • 4
  • 1
    I assume since you are using SOCKS that this is with mod_proxy? Or is there another proxy server in front of the host? – Johnnie Odom Sep 22 '10 at 18:12
  • @johnnie It's just SOCKS as initiated via `ssh -D 8080 -p remote_port user@example.com`. The reason I like this setup is that it means only people with accounts on my server (or, yes, who've stolen the keys for an account) can even try to hack into PHPMyAdmin. – 46Bit Sep 22 '10 at 19:25

2 Answers2

1

If you cannot distinguish clients by IP then your chances are very few. I'd password protect phpMyAdmin directory with htadmin/htpasswd.

Creating vhosts is not required imho. Also consider that vhosts are not safe as they rely on HTTP headers which could be spoofed by malicious clients.

LatinSuD
  • 901
  • 1
  • 8
  • 17
  • Only making it available for SOCKS users is why I'm doing this in the first place. The vhost is simply so I can store ~anything on there - be it personal apps for sharing links/etc, admin apps like PHPMyAdmin, etc - without having to worry quite as much about the authentication measures in those apps themselves. – 46Bit Sep 22 '10 at 19:42
1

Actually it is easy to ensure they are using SOCKS: limit access to the IP of the SOCKS server itself.

Mark Wagner
  • 18,019
  • 2
  • 32
  • 47