How to secure phpMyAdmin with .htaccess

phpMyAdmin is useful for users that want to connect to MySQL through a web interface.  Here we are going to explain how to secure phpMyAdmin and use it safely.Apache Configuration for phpMyAdmin

You can use any editor suitable for you. Nano or vim. In the example below, we are using vim.

# vim /etc/httpd/conf.d/phpmyadmin.conf

Use this code:
<Directory "/usr/share/phpmyadmin";>
		Order Deny,Allow
		Allow from 192.168.10.
		Allow from 127.0.0.1
		Deny from all
		Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All
</Directory;>

.htaccess File configuration
Now we need to setup .htaccess file in order to allow the user(s) to access phpMyAdmin login page

# cd /usr/share/phpmyadmin
# vim .htaccess

Use this code:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/share/phpmyadmin/passwd
Require valid-user

Here is the definition of each line above.

AuthType: refers to the type of authentication that wil be use to check the password
AuthName: text that will be displayed at the password prompt and you can Put anything
AuthUserFile: path for file password / will create next step
Require valid-user: tells the .htaccess file that only users in password file to access it.

Create the passwd file
Use the htpasswd command to create a passwd file. Choose the directory of our choice to save the file. This file is not accessible from a browser.

htpasswd -c  /usr/share/phpmyadmin/passwd user-name

-c command is used to create new file.

Now restart Appache service

Once the above steps are done it requires to restart Apache Service using following command:

For CentOS 5/6:-
# service httpd restart
For CentOS 7:-
# systemctl restart httpd

Check your access to phpMyAdmin on the browser

http://192.168.10.40/phpmyadmin/

Note: Plesuse your IP or qualified domain name on the browser.

 

 

 

  • Email, SSL
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Patching OpenSSL (Heartbleed Vulnerability)

A security vulnerability in OpenSSL has been found known as Heartbleed. It's important to...