Restricting the access to phpmyadmin in Apache 2 on Ubuntu

By default Apache 2 is configured in a way that phpmyadmin is automatically included to all the hosted web sites. For example, if I create a new site ‘site.com’, and then navigate to this address:

http://site.com/phpmyadmin

the phpmyadmin login page appears.

That is good for beginners, but in real-life it could be a security risk, so I decided to disable the access to phpmyadmin by removing the following symbolic link:

rm /etc/apache2/conf.d/phpmyadmin.conf

This link could be restored by the following command:

ln -s -T /etc/phpmyadmin/apache.conf phpmyadmin.conf

Then I created specific Virtual Host to access phpmyadmin:

<VirtualHost *:80>
    ServerName db.mysite.com
    RedirectMatch permanent ^/$ http://db.mysite.com/phpmyadmin
    Include /etc/phpmyadmin/apache.conf
    ErrorLog "/var/log/apache2/phpmyadmin-error.log"
    CustomLog "/var/log/apache2/phpmyadmin-access.log" common
</VirtualHost>

3 Responses to Restricting the access to phpmyadmin in Apache 2 on Ubuntu

  1. Martin says:

    Thanks!!. I’m searching this

  2. Jozef says:

    Make sure you have a decent password aswell.

Leave a Reply

Your email address will not be published. Required fields are marked *