kaanuki · October 12, 2017 04:54
diff --git a/How to Secure phpMyAdmin.txt b/How to Secure phpMyAdmin.txt
 How to Secure phpMyAdmin

 Some tips to add an extra layer of protection to your phpmyadmin. Vesta Control Panel is really good but it seems like its lacking in the security department so I want to help as much as possible.

 Add htaccess login (extra login)
 more info: https://degreesofzero.com/article/how-to-secure-phpmyadmin.html

 Change the default /phpmyadmin alias to something like /phpmyadmin-vcn0vgu02j0239f
 more info: https://forum.vestacp.com/viewtopic.php?f=10&t=5264 (thanks john)
 check your config locations here: http://vestacp.com/docs/#config-log-location-rhel-centos



 Alternative (most recommended)


 Enable SSL on phpmyadmin and access only from name server
 1. create web domain using your name server (server1.myserver.com) with SSL support and nginx
 2. edit /etc/httpd/conf.d/phpMyAdmin.conf (centos 6) and delete the following (see below) and save

 CODE: SELECT ALL
 Alias /phpMyAdmin /usr/share/phpMyAdmin
 Alias /phpmyadmin /usr/share/phpMyAdmin

 <Directory /usr/share/phpMyAdmin/>
   Order Deny,Allow
   Deny from All
   Allow from All
 </Directory>

 <Directory /usr/share/phpMyAdmin/scripts/>
   Order Deny,Allow
   Deny from All
   Allow from All
 </Directory>


 3. edit /home/admin/conf/web/shttpd.conf from step 1(see above) and paste the following (see below) before this line </VirtualHost> and save

 CODE: SELECT ALL
 Alias /phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE /usr/share/phpMyAdmin

 <Directory /usr/share/phpMyAdmin/>
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
 </Directory>

 <Directory /usr/share/phpMyAdmin/scripts/>
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
 </Directory>


 4. restart apache server
 5. you may now access your phpmyadmin with SSL from only the domain name you made.
 CODE: SELECT ALL
 https://server1.myserver.com/phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE



 Force SSL Connection on phpmyadmin
 1. go to folder /usr/share/phpMyAdmin (centos 6)
 2 create file config.inc.php and put the following code below and save
 CODE: SELECT ALL
 <?php $cfg['ForceSSL'] = true; ?>



 Add nameserver referral access only (you can only access phpmyadmin by clicking it from the control panel) also uses htaccess
 1. open /usr/share/phpMyAdmin (centos 6)
 2. create .htaccess file and paste the following code below (replacing the proper domain info server1.yourdomain.com)

 CODE: SELECT ALL
 RewriteEngine On
 RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
 RewriteRule .* - [F]


 3. update the phpmyadmin link from vesta control panel viewtopic.php?f=10&t=5264

 now that you have that in place. you wont be able to access phpmyadmin directly in your web browser. you need to click the phpmyadmin link from vesta control panel

 -----------

 Thanks to erldcrtz
 Original post: https://forum.vestacp.com/viewtopic.php?t=5271
	How to Secure phpMyAdmin

	Some tips to add an extra layer of protection to your phpmyadmin. Vesta Control Panel is really good but it seems like its lacking in the security department so I want to help as much as possible.

	Add htaccess login (extra login)
	more info: https://degreesofzero.com/article/how-to-secure-phpmyadmin.html

	Change the default /phpmyadmin alias to something like /phpmyadmin-vcn0vgu02j0239f
	more info: https://forum.vestacp.com/viewtopic.php?f=10&t=5264 (thanks john)
	check your config locations here: http://vestacp.com/docs/#config-log-location-rhel-centos



	Alternative (most recommended)


	Enable SSL on phpmyadmin and access only from name server
	1. create web domain using your name server (server1.myserver.com) with SSL support and nginx
	2. edit /etc/httpd/conf.d/phpMyAdmin.conf (centos 6) and delete the following (see below) and save

	CODE: SELECT ALL
	Alias /phpMyAdmin /usr/share/phpMyAdmin
	Alias /phpmyadmin /usr/share/phpMyAdmin

	<Directory /usr/share/phpMyAdmin/>
	Order Deny,Allow
	Deny from All
	Allow from All
	</Directory>

	<Directory /usr/share/phpMyAdmin/scripts/>
	Order Deny,Allow
	Deny from All
	Allow from All
	</Directory>


	3. edit /home/admin/conf/web/shttpd.conf from step 1(see above) and paste the following (see below) before this line </VirtualHost> and save

	CODE: SELECT ALL
	Alias /phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE /usr/share/phpMyAdmin

	<Directory /usr/share/phpMyAdmin/>
	AllowOverride All
	SSLRequireSSL
	Options +Includes -Indexes +ExecCGI
	</Directory>

	<Directory /usr/share/phpMyAdmin/scripts/>
	AllowOverride All
	SSLRequireSSL
	Options +Includes -Indexes +ExecCGI
	</Directory>


	4. restart apache server
	5. you may now access your phpmyadmin with SSL from only the domain name you made.
	CODE: SELECT ALL
	https://server1.myserver.com/phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE



	Force SSL Connection on phpmyadmin
	1. go to folder /usr/share/phpMyAdmin (centos 6)
	2 create file config.inc.php and put the following code below and save
	CODE: SELECT ALL
	<?php $cfg['ForceSSL'] = true; ?>



	Add nameserver referral access only (you can only access phpmyadmin by clicking it from the control panel) also uses htaccess
	1. open /usr/share/phpMyAdmin (centos 6)
	2. create .htaccess file and paste the following code below (replacing the proper domain info server1.yourdomain.com)

	CODE: SELECT ALL
	RewriteEngine On
	RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
	RewriteRule .* - [F]


	3. update the phpmyadmin link from vesta control panel viewtopic.php?f=10&t=5264

	now that you have that in place. you wont be able to access phpmyadmin directly in your web browser. you need to click the phpmyadmin link from vesta control panel

	-----------

	Thanks to erldcrtz
	Original post: https://forum.vestacp.com/viewtopic.php?t=5271