Password Protect phpMyAdmin Interface not working on global IP.

[hack3rcon]

Hello,
I secured the phpMyAdmin Interface via https://www.atlantic.net/vps-hosting/ho ... -centos-8/. The https://www.tecmint.com/wp-content/uplo ... erface.png dialog showed when I use the local IP but when I use the global IP then it show the login page of phpmyadmin!!
For example, when I enter "http://80.90.100.110/phpmyadmin" it never ask me to enter the username and password, but "http://192.168.1.2/phpmyadmin" ask me.

The file content is:

Code: Select all

$ sudo cat /etc/httpd/conf.d/phpmyadmin.conf 
Alias /phpmyadmin	/usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8
   AllowOverride All
   <IfModule mod_authz_core.c>
     <RequireAny>
      Require all granted
     </RequireAny>
    </IfModule>
    <IfModule !mod_authz_core.c>
      Order Deny,Allow
      Deny from All
      Allow from 127.0.0.1
      Allow from ::1
    </IfModule>
</Directory>
   
<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     <RequireAny>
       Require all granted
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

Thank you.

[BShT]

we have this situation with wordpress and we fix it at vhost

RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond expr "! -R '127.0.0.0/8'"
RewriteCond expr "! -R '10.0.0.0/8'"
RewriteCond expr "! -R '172.16.0.0/12'"
RewriteCond expr "! -R '192.168.0.0/16'"
RewriteRule ^(.*)$ - [R=403,L]

you can write your own

[BShT]

you can set an even more restritive conf

<Location />
Require ip 10.0.0.0/22
</Location>

[hack3rcon]

we have this situation with wordpress and we fix it at vhost

RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond expr "! -R '127.0.0.0/8'"
RewriteCond expr "! -R '10.0.0.0/8'"
RewriteCond expr "! -R '172.16.0.0/12'"
RewriteCond expr "! -R '192.168.0.0/16'"
RewriteRule ^(.*)$ - [R=403,L]

you can write your own

Should I add these lines to "/etc/httpd/conf.d/phpmyadmin.conf" file?

[hack3rcon]

you can set an even more restritive conf

<Location />
Require ip 10.0.0.0/22
</Location>

Add these lines to "/etc/httpd/conf.d/phpmyadmin.conf" file?

Code: Select all

<Location />
      Require ip 80.90.100.110
    </Location>

?

[BShT]

if you set 80.90.100.110 it will accept only requests from this IP

you should set your internal IP or range

[hack3rcon]

if you set 80.90.100.110 it will accept only requests from this IP

you should set your internal IP or range

Excuse me, I want the dialog about the username and password (https://www.tecmint.com/wp-content/uplo ... erface.png) show from any IP.

[BShT]

https://httpd.apache.org/docs/2.4/howto/access.html

[TrevorH]

Excuse me, I want the dialog about the username and password ... show from any IP.

You want to enable brute force password guessing from botnets?

[hack3rcon]

Excuse me, I want the dialog about the username and password ... show from any IP.

You want to enable brute force password guessing from botnets?

No and I don't like anyone can see the Phpmyadmin login page.