Securing phpmyadmin: non-standard port + https

Posted by elect on Server Fault See other posts from Server Fault or by elect
Published on 2012-11-04T14:19:32Z Indexed on 2012/11/04 23:02 UTC
Read the original article Hit count: 213

Filed under:

apache2

|

port

|

https

|

phpmyadmin

Trying to secure phpmyadmin, we already did the following:

Cookie Auth login
firewall off tcp port 3306.
running on non-standard port

Now we would like to implement https... but how could it work with phpmyadmin running already on a non-stardard port?

This is the apache config:

# PHP MY ADMIN
<VirtualHost *:$CUSTOMPORT>
    Alias /phpmyadmin /usr/share/phpmyadmin

    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php

        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php

            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_value include_path .
        </IfModule>

    </Directory>

    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>

    <Directory /usr/share/phpmyadmin/setup/lib>
        Order Deny,Allow
        Deny from All
    </Directory>

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/phpmyadmin.log combined
</VirtualHost>

© Server Fault or respective owner

Related posts about apache2

apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2… >>> More
Apache segfault glibc segfault

as seen on Server Fault - Search for 'Server Fault'
I keep getting (about every 5-6 hours) this segfault in apache: [Tue Jun 26 12:43:10 2012] [notice] child pid 26810 exit signal Aborted (6) *** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0xb68c2628 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb75aef22] /lib/i386-linux-gnu/libc… >>> More
Localhost not working after installing PHP on Mountain Lion

as seen on Server Fault - Search for 'Server Fault'
I've installed php using brew install php54 --with-mysql, I've set up all the path correctly. which php will give me /usr/local/bin/php php -v will give me PHP 5.4.8 (cli) (built: Nov 20 2012 09:29:31) php --ini will give me: Configuration File (php.ini) Path: /usr/local/etc/php/5.4 Loaded Configuration… >>> More
Apache 2 Virtual Hosts no working on OSX 10.6

as seen on Server Fault - Search for 'Server Fault'
This is my first MacBook and I'm trying to get virtual hosts up and running so as it's going to be my dev machine. I've got apache/php/mysql running fine, the problem is that what ever address I go to I just get one of the virtual hosts I've setup. I can't even get to the root site anymore. I had… >>> More
apache2 error Could not open configuration file /etc/apache2/conf.d/: No such file or directory

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have just upgraded my Ubuntu 13.10 and apache2 is not working. When I try to start the apache2 server it is printing following errors: * Starting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 263 of /etc/apache2/apache2.conf: Could… >>> More

Related posts about port

Port forward to different port number

as seen on Super User - Search for 'Super User'
I have a router that sets up rules like so: TCP Any -> 5800 Any -> 5900 UDP Any -> 5800 Any -> 5900 Computer: ip-address This would allow someone 'outside' to connect to my router's port 5800 and 5900 and forward that to the same port on my computer. My issue is that I want the 'outside'… >>> More
"port forwarding": redirect calls to webservice at port 8081 to port 80

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, a colleague of mine wrote a webservice that runs on port 8081 of our Windows 2008 Server. He uses the class ServiceHost, afaik this means its a standalone host (no IIS or ASP involvement). Note: I'm new into WCF ;) Now there are some issues with clients behind a firewall blocking the requests… >>> More
Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
USB Hub and Ubuntu

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a powered 7 port hub connected to my Ubuntu box and it does nothing. The devices (zip drive and web cam) work direct, but aren't recognized through the hub. This worked fine in Windows 7. I can't prove it is the OS because this is a new motherboard and processor. Any advice? EDIT : Output… >>> More
Cannot change port 25 to port 587

as seen on Super User - Search for 'Super User'
I am using outlook 2003. My email provider is Cox. Trying to change my out going port to 587 so I send mail while traveling. Others I know on Cox have done this with succes, but they are using newer version of outlook. When I go to change my existing email accounts, outlook will not allow me to… >>> More