| joe10001@hotmail.com 2005-11-23, 6:57 pm |
| Hi all,
I'm presently working on a web server. I just installed phpmyadmin and
I would like to secure it. I already put some basics securities rules
but I would like that my phpmyadmin to be only accessible from my LAN
(192.168.0.0) .... and not from my domain name (for example :
http://www.mydomain.com/phpmyadmin)
I made some research and read a lot on the matter and I noticed that I
must make the change on this file /etc/phpmyadmin/config.inc.php
more precisely on those options
########################################
##############
$cfg['Servers'][$i]['AllowDeny']['order'
] // Host authentication
order, leave blank to not use
= 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'
] // Host authentication
rules, leave blank for defaults
= array(
'deny % from all',
'allow % from localhost',
'allow % from 192.168.0.0/24',
);
########################################
##############
Those modifications seem not to work since I'm still accessing it via
http://www.mydomain.com/phpmyadmin. Must I restart apache or something
??
I also read that this option $cfg['Servers'][$i]['auth_type'] should
be set to http instead of cookie. I tried it too but same result.
Are the file config.inc.php and htaccess (from the same folder) are
related ? So maybe it would be better if I make the change in it
(instead of config.inc.php)
any help would be greatly appreciated
|