Password Protect phpMyAdmin Interface not working on global IP.

Support for security such as Firewalls and securing linux
hack3rcon
Posts: 728
Joined: 2014/11/24 11:04:37

Password Protect phpMyAdmin Interface not working on global IP.

Post by hack3rcon » 2020/08/17 13:36:53

Hello,
I secured the phpMyAdmin Interface via https://www.atlantic.net/vps-hosting/ho ... -centos-8/. The https://www.tecmint.com/wp-content/uplo ... erface.png dialog showed when I use the local IP but when I use the global IP then it show the login page of phpmyadmin!!
For example, when I enter "http://80.90.100.110/phpmyadmin" it never ask me to enter the username and password, but "http://192.168.1.2/phpmyadmin" ask me.

The file content is:

Code: Select all

$ sudo cat /etc/httpd/conf.d/phpmyadmin.conf 
Alias /phpmyadmin	/usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
   AllowOverride All
   <IfModule mod_authz_core.c>
     <RequireAny>
      Require all granted
     </RequireAny>
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order Deny,Allow
      Deny from All
      Allow from 127.0.0.1
      Allow from ::1
    </IfModule>
</Directory>
   
<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     <RequireAny>
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
Thank you.

BShT
Posts: 382
Joined: 2019/10/09 12:31:40

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by BShT » 2020/08/17 17:57:02

we have this situation with wordpress and we fix it at vhost

RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond expr "! -R '127.0.0.0/8'"
RewriteCond expr "! -R '10.0.0.0/8'"
RewriteCond expr "! -R '172.16.0.0/12'"
RewriteCond expr "! -R '192.168.0.0/16'"
RewriteRule ^(.*)$ - [R=403,L]

you can write your own

BShT
Posts: 382
Joined: 2019/10/09 12:31:40

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by BShT » 2020/08/17 18:00:04

you can set an even more restritive conf

<Location />
Require ip 10.0.0.0/22
</Location>

hack3rcon
Posts: 728
Joined: 2014/11/24 11:04:37

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by hack3rcon » 2020/08/17 18:36:24

BShT wrote:
2020/08/17 17:57:02
we have this situation with wordpress and we fix it at vhost

RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond expr "! -R '127.0.0.0/8'"
RewriteCond expr "! -R '10.0.0.0/8'"
RewriteCond expr "! -R '172.16.0.0/12'"
RewriteCond expr "! -R '192.168.0.0/16'"
RewriteRule ^(.*)$ - [R=403,L]

you can write your own
Should I add these lines to "/etc/httpd/conf.d/phpmyadmin.conf" file?

hack3rcon
Posts: 728
Joined: 2014/11/24 11:04:37

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by hack3rcon » 2020/08/17 18:38:04

BShT wrote:
2020/08/17 18:00:04
you can set an even more restritive conf

<Location />
Require ip 10.0.0.0/22
</Location>
Add these lines to "/etc/httpd/conf.d/phpmyadmin.conf" file?

Code: Select all

<Location />
      Require ip 80.90.100.110
    </Location>
?

BShT
Posts: 382
Joined: 2019/10/09 12:31:40

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by BShT » 2020/08/17 18:47:22

if you set 80.90.100.110 it will accept only requests from this IP

you should set your internal IP or range

hack3rcon
Posts: 728
Joined: 2014/11/24 11:04:37

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by hack3rcon » 2020/08/17 20:11:56

BShT wrote:
2020/08/17 18:47:22
if you set 80.90.100.110 it will accept only requests from this IP

you should set your internal IP or range
Excuse me, I want the dialog about the username and password (https://www.tecmint.com/wp-content/uplo ... erface.png) show from any IP.


User avatar
TrevorH
Forum Moderator
Posts: 30174
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by TrevorH » 2020/08/17 21:56:32

Excuse me, I want the dialog about the username and password ... show from any IP.
You want to enable brute force password guessing from botnets?
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

hack3rcon
Posts: 728
Joined: 2014/11/24 11:04:37

Re: Password Protect phpMyAdmin Interface not working on global IP.

Post by hack3rcon » 2020/08/18 05:08:55

TrevorH wrote:
2020/08/17 21:56:32
Excuse me, I want the dialog about the username and password ... show from any IP.
You want to enable brute force password guessing from botnets?
No and I don't like anyone can see the Phpmyadmin login page.
Last edited by hack3rcon on 2020/08/20 18:05:36, edited 1 time in total.

Post Reply

Return to “CentOS 8 - Security Support”