@kaanuki
Last active October 12, 2017 04:54
How to Secure phpMyAdmin
Some tips to add an extra layer of protection to your phpMyAdmin. Vesta Control Panel is really good, but it seems to be lacking in the security department, so I want to help as much as possible.
Add htaccess login (extra login)
more info: https://degreesofzero.com/article/how-to-secure-phpmyadmin.html
Change the default /phpmyadmin alias to something like /phpmyadmin-vcn0vgu02j0239f
more info: https://forum.vestacp.com/viewtopic.php?f=10&t=5264 (thanks john)
check your config locations here: http://vestacp.com/docs/#config-log-location-rhel-centos
Alternative (most recommended)
Enable SSL on phpmyadmin and access only from name server
1. create web domain using your name server (server1.myserver.com) with SSL support and nginx
2. edit /etc/httpd/conf.d/phpMyAdmin.conf (centos 6) and delete the following (see below) and save
    Alias /phpMyAdmin /usr/share/phpMyAdmin
    Alias /phpmyadmin /usr/share/phpMyAdmin
    <Directory /usr/share/phpMyAdmin/>
        Order Deny,Allow
        Deny from All
        Allow from All
    </Directory>
    <Directory /usr/share/phpMyAdmin/scripts/>
        Order Deny,Allow
        Deny from All
        Allow from All
    </Directory>
3. edit /home/admin/conf/web/shttpd.conf from step 1 (see above), paste the following (see below) before the line </VirtualHost>, and save
    # Replace GENERATE-RANDOM-PASS-CODE-HERE with your own random string
    Alias /phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE /usr/share/phpMyAdmin
    <Directory /usr/share/phpMyAdmin/>
        AllowOverride All
        # SSLRequireSSL denies any request that does not arrive over HTTPS
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
    </Directory>
    <Directory /usr/share/phpMyAdmin/scripts/>
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
    </Directory>
4. restart apache server
5. you may now access your phpmyadmin with SSL from only the domain name you made.
    https://server1.myserver.com/phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE
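One way to produce the random suffix for step 3 and to confirm that step 2 really removed the default aliases. This is an added example, not part of the original post; the function names are hypothetical and the paths are the CentOS 6 ones from the steps above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# paths are the CentOS 6 ones used in the steps above.

# Print an N-character (default 20) lowercase alphanumeric suffix drawn from
# /dev/urandom. tr discards every byte outside a-z0-9, so each character is
# uniformly distributed. The ( ) body keeps the variables local.
gen_alias_token() (
    len="${1:-20}"
    tok=""
    while [ "${#tok}" -lt "$len" ]; do
        tok="$tok$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9')"
    done
    printf "%.${len}s\n" "$tok"
)

# Print the step 3 fragment for the SSL virtual host, using suffix $1.
render_pma_vhost() {
    cat <<EOF
Alias /phpmyadmins-$1 /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
    AllowOverride All
    SSLRequireSSL
    Options +Includes -Indexes +ExecCGI
</Directory>
<Directory /usr/share/phpMyAdmin/scripts/>
    AllowOverride All
    SSLRequireSSL
    Options +Includes -Indexes +ExecCGI
</Directory>
EOF
}

# Succeed (exit 0) if config file $1 still maps the default /phpmyadmin or
# /phpMyAdmin alias, i.e. step 2 was not applied. Commented-out lines and the
# randomized /phpmyadmins-... alias do not match.
has_default_alias() {
    grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin/?[[:space:]]' "$1"
}

# Usage: print a fragment with a fresh suffix, ready to paste before </VirtualHost>.
render_pma_vhost "$(gen_alias_token)"
```

After step 2, run `has_default_alias /etc/httpd/conf.d/phpMyAdmin.conf`; a zero exit status means the default alias is still being served.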
Force SSL Connection on phpmyadmin
1. go to folder /usr/share/phpMyAdmin (centos 6)
2. create file config.inc.php, put the following code in it, and save
    <?php $cfg['ForceSSL'] = true; ?>
Add nameserver referral access only (you can only access phpmyadmin by clicking it from the control panel) also uses htaccess
1. open /usr/share/phpMyAdmin (centos 6)
2. create .htaccess file and paste the following code below (replacing the proper domain info server1.yourdomain.com)
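    RewriteEngine On
    # Referer must begin with the control panel host (dots escaped, optional port).
    # The Referer header is client-supplied, so this complements the login, it does not replace it.
    RewriteCond %{HTTP_REFERER} !^https?://(server1\.)?yourdomain\.com(:[0-9]+)?(/|$)
    RewriteRule .* - [F]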
3. update the phpmyadmin link from vesta control panel viewtopic.php?f=10&t=5264
Now that you have that in place, you won't be able to access phpMyAdmin directly in your web browser. You need to click the phpMyAdmin link from the Vesta control panel.
-----------
Thanks to erldcrtz
Original post: https://forum.vestacp.com/viewtopic.php?t=5271