10

I'm working on a multiple virtualhost Environment. I've installed PhpMyadmin for Mysql Remote Control.

Environment is configurate as below: 

one.domain.com
two.domain.com
onlyphpmyadmin.domain.com

Now, if i accesso to one of the three domains 

http://one.domain.com/phpmyadmin/
http://two.domein.com/phpmyadmin/
http://onlyphpmyadmin.domain.com/phpmyadmin/

the result is the same, the access to Phpmyadmin is allowed.

The goal is to obtain a situation like this one below

http://one.domain.com/phpmyadmin/ --> access denied
http://two.domein.com/phpmyadmin/ --> access denied 
http://onlyphpmyadmin.domain.com/phpmyadmin/ -->access allowed

whith no hack similar to

<?php 
if($_SERVER['HTTP_HOST'] != 'onlyphpmyadmin.domain.com')
die('access denied');

 ...
 ?>

on some Phpmyadmin file.

Here my Phpmyadmin configuration file

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>
alesdario
  • 326
  • 1
  • 4
  • 11

2 Answers2

26

Remove the Alias declaration 

Alias /phpmyadmin /usr/share/phpmyadmin

from the server context and put it in the relevant vhost context

<VirtualHost *:80>
    ServerName onlyphpmyadmin.domain.com
    .
    .
    .
    Alias /phpmyadmin /usr/share/phpmyadmin
</VirtualHost>

It may be easier and preferable to just include the whole phpmyadmin config into the relevant vhost 

<VirtualHost *:80>
    ServerName onlyphpmyadmin.domain.com
    .
    .
    .
    include /path/to/phpmyadmin.conf
</VirtualHost>

and then remove that include from the server context and restart apache for the changes to take affect.

10us
  • 113
  • 5
user9517
  • 115,471
  • 20
  • 215
  • 297
  • Doesn't seem to work for me on Centos 6.5. I tried both methods and still able to access it from all domains. – Jeremy Jun 20 '14 at 18:20
  • Remember to restart Apache2 after change its configuration and to eventually add a new CNAME to DNS config – realtebo Feb 09 '17 at 09:09
3

In RHEL/CentOS, Apache loads /etc/httpd/conf.d/phpmyadmin.conf to set up the /phpmyadmin alias. The Directory directive is also initially set to only allow traffic from localhost, so you may receive a 403 error when accessing phpmyadmin like "domain.com/phpmyadmin".

Using the following, you can set up RHEL/CentOS to only allow the /phpmyadmin alias to work from a specific virtual host.

/etc/httpd/conf.d/phpmyadmin.conf

<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
   Allow from 127.0.0.1
</Directory>

#Alias /phpmyadmin /usr/share/phpmyadmin
#Alias /phpMyAdmin /usr/share/phpmyadmin
#Alias /mysqladmin /usr/share/phpmyadmin

Next, add the alias directive to your vhost and restart Apache.

Please note, this is not the most secure implementation. Please take care to secure /phpmyadmin through authentication, IP restrictions or a combination of both.

Liam
  • 164
  • 2
  • 6