Step Three — Install phpMyAdmin for CentOS 5.1

August 8, 2016 277 views
MySQL PHP CentOS

In digitalocean's tutorial "How To Install and Secure phpMyAdmin on a CentOS 6.4 VPS", it mentions that there are four places to put your home external IP address to replace 127.0.0.1 in when configuring the phpMyAdmin.conf file. The four places are described as:

". . .
Require ip yourworkstationIPaddress
. . .
Allow from your
workstationIPaddress
. . .
Require ip yourworkstationIPaddress
. . .
Allow from your
workstationIPaddress
. . ."

However, I am working with CentOS 5.1 and while editing my phpMyAdmin.conf located in /etc/httpd/conf.d/, I do not see any lines that say "Require ip". My areas of configuration for external access look like this:
...
<Directory /usr/share/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</Directory>
...
<Directory /usr/share/phpMyAdmin/scripts/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</Directory>
...
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
...
I being the resourceful guy that I am sent in a support ticket to find out exactly what I am supposed to do here due to the extreme security risk this file could create if done wrong and the response I got was very good but didn't explain what to do with all three sections. I know the support tech doesn't know my external IP but I was not told what to with all three sections. Do I need to add a section? Do I "Deny from" All still? Do I allow from <my_workstation_IP> for all three sections? I am in need of this information and was told that this issue would be posted here in these community pages. I have not found it so, I am taking action of my own. Thanks in advance for any help received.

1 Answer
eris MOD August 8, 2016
Accepted Answer

You would want to add Allow from <my_workstation_IP> to /usr/share/phpMyAdmin/ and /usr/share/phpMyAdmin/scripts/ but not /usr/share/phpMyAdmin/libraries/. Leave the Deny from All line -- that's the line that protects PHPMyAdmin from being reachable by the public.

The libraries directory is only used by PHPMyAdmin itself, and doesn't need to be accessible from your IP (or by anyone).

You can add that line before/after Allow from 127.0.0.1 or you can replace that line as the tutorial suggests. Up to you. :)

Have another answer? Share your knowledge.