# How do I deny PhpMyAdmin with http ?



## cleroy61 (Sep 16, 2011)

Hi everybody,

http://www.some.site/phpmyadmin/ is running/working/logging, and I don't want it
https://www.some.site/phpmyadmin/  is running/working/logging, and It's OK

How do I deny PhpMyAdmin http access ?

I called a directory somesite match my domain name in /usr/local/www/somesite/.
I installed phpmyadmin in /usr/local/www I copied to /usr/local/www/somesite/phpMyAdmin
I'm saying that this is not a symbolic link!
I want to install in VirtualHost multiple domain names.
I configured my server with https.
I configured a file in the /usr/local/etc/apache22/Includes/phpmyadmin.conf directory.
its content is as follows:
`# ee /usr/local/etc/apache22/Includes/phpmyadmin.conf` 


```
Alias /phpmyadmin "/usr/local/www/somesite/phpMyAdmin/"
CustomLog /var/log/http/phpmyadmin-access_log combined
ErrorLog /var/log/http/phpmyadmin-error_log

<Directory "/usr/local/www/somesite/phpMyAdmin/">
        Options none
        AllowOverride All
        Order Allow,Deny
        Allow from All
</Directory>

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteCond %{REQUEST_URI} /phpmyadmin
        RewriteRule (.*) [url]https://www.some.site/phpmyadmin/[/url] [R]
</IfModule>
```

VirtualHost commad :

`# httpd -S`

```
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          www.some.site (/usr/local/etc/apache22/extra/httpd-ssl.conf:74)
*:80                   is a NameVirtualHost
         default server www.some.site (/usr/local/etc/apache22/Includes/some.site.conf:2)
         port 80 namevhost www.some.site (/usr/local/etc/apache22/Includes/some.site.conf:2)
Syntax OK
```

Can you answer me, please ?

Thanks a lot for your help.

Have a nice day.

Best regards.

Christophe


----------



## DutchDaemon (Sep 16, 2011)

Tried this?

```
<VirtualHost *:80>
        ServerName www.some.site
        Redirect /phpmyadmin/ https://www.some.site/phpmyadmin/
</VirtualHost>
```


----------



## anomie (Sep 16, 2011)

cleroy61 said:
			
		

> http://www.some.site/phpmyadmin/ is running/working/logging, and I don't want it
> https://www.some.site/phpmyadmin/  is running/working/logging, and It's OK
> 
> How do I deny PhpMyAdmin http access ?



Simple: use the directive -

```
SSLRequireSSL
```
- in the appropriate container, and restart httpd.


----------



## cleroy61 (Sep 16, 2011)

Thanks DutchDaemon,

I tried your suggestion and it works !
I'm going to try awstat or jawstat now
Thanks for your private message 
I tried to follow these rules. I open your file now each I want posting
Have a nice day !
Christophe


----------



## gkontos (Sep 16, 2011)

@cleroy6,

Just a friendly advice. Posting this type of information on a public forum is like asking for hackers to play with you. If I were you I would delete this thread.

George


----------



## cleroy61 (Sep 16, 2011)

Thanks for your advice, I'm going to try to delete this thread but I don't know how ? I'm going looking for !


----------



## anomie (Sep 16, 2011)

IMO, this thread has value for future guests / members. Do you need for phpMyAdmin to be accessible from anywhere in the world? 

 _If so_, put it behind HTTP digest authentication. (i.e. An outer authentication layer before they ever reach the phpMyAdmin login screen.) 
 _If not_, restrict access to it at the IP level, either using packet filtering or Apache web server access control.


----------



## gkontos (Sep 16, 2011)

@anomie,

sure it does but there are very good reasons not to reveal the url in a public forum.

@cleroy61,

you don't have to delete it. Just edit the first post and remove the http address.

Best to all


----------



## DutchDaemon (Sep 16, 2011)

I anonymized site references. That should take care of this.


----------

