I am trying to lock access to phpmyadmin to my IP.
Problem is because centos 8 serveri is behind haproxy.
How to setup apache to lock access on my IP and ban everything else?
below is phpmyadmin.conf in apache setting for access locked on IPs.
If I dont insert in haproxy IP 192.168.1.1 access doesn't work, when I incert 192.168.1.1 that everybody can access phpmyadmin.
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 123.123.123.123 192.168.1.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1 123.123.123.123 192.168.1.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1 123.123.123.123 192.168.1.1
Allow from ::1
</IfModule>
</Directory>
locking phpmyadmin access on IP
Re: locking phpmyadmin access on IP
What is "haproxy"? I.e. does it do network address translation to hide client from the server?
Details on Apache config ... does Apache have support forums?
Details on Apache config ... does Apache have support forums?
Re: locking phpmyadmin access on IP
haproxy is proxy where you have one public IP and multiple servers with websites behind.
Re: locking phpmyadmin access on IP
you have to set haproxy to deliver X-Forwarded-For header and set your vhost to deny based on X-Forwarded-For
you can only do this with http mode. it will not work and it will never work in tcp mode.
you can only do this with http mode. it will not work and it will never work in tcp mode.
Re: locking phpmyadmin access on IP
Sorry I dont understand this quite well, can you explain it a bit more?
Re: locking phpmyadmin access on IP
The problem is that all requests that come via haproxy appear to your web server to originate from the haproxy ip address. To address this, ha proxy adds an extra header to the http request "X-Forwarded-For:" which contains the original requestors ip address. You need to find a way to get your web server to look at that header instead of the originating ip address.
On CentOS 8 (and presumably Stream 8), apache httpd supplies a mod_remoteip.so that can be used to fix this. See https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
On CentOS 8 (and presumably Stream 8), apache httpd supplies a mod_remoteip.so that can be used to fix this. See https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: locking phpmyadmin access on IP
Thank you, I already looked for that remoteip mod, but didn't know if that will be solution, so I ask first.TrevorH wrote: ↑2022/04/22 20:24:18The problem is that all requests that come via haproxy appear to your web server to originate from the haproxy ip address. To address this, ha proxy adds an extra header to the http request "X-Forwarded-For:" which contains the original requestors ip address. You need to find a way to get your web server to look at that header instead of the originating ip address.
On CentOS 8 (and presumably Stream 8), apache httpd supplies a mod_remoteip.so that can be used to fix this. See https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
I will use remote IP.