Securing phpMyAdmin using htaccess, get Internal Server Error

Roberto

Verified User
Joined
Apr 6, 2013
Messages
127
Location
London
Hello

For the past week, I'm getting thousands of bruteforce attacks from one specific IP attempting to log into phpMyAdmin over and over again. I want to restrict access to 12.0.0.1 and my own static IP. I have created a .htaccess file: nano /var/www/html/.htaccess

Code:
<Directory /var/www/html/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from xx.xx.xx.xx
</Directory>

(where xx.xx.xx.xx is my home static IP)

I have tried setting .htaccess to different file permissions, e.g. 644, but still get the following error:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Can someone please provide specific advice on how to restrict access to phpMyAdmin. I am surprised that there is not a help page on this very issue already published on DirectAdmin help pages.

Regards
 
OK, anyone reading this? I have read that I should be editing phpMyAdmin.conf file and not .htaccess to achieve what i am trying to do. I can't find where the location to phpMyAdmin.conf. Can someone please advise?
 
I got something similar on a box,

/var/www/html/phpMyAdmin/.htaccess

Code:
# ALLOW USER BY IP
<Limit GET POST>
 order deny,allow
 deny from all
 allow from x.x.x.x
</Limit>

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

edit: the bottom part is for enforcing https

I add this file after each update because it gets overwritten.
 
Fantastic. :D Exactly what I needed! The 301 redirect a bonus tip. MANY THANKS!

I got something similar on a box,

/var/www/html/phpMyAdmin/.htaccess

Code:
# ALLOW USER BY IP
<Limit GET POST>
 order deny,allow
 deny from all
 allow from x.x.x.x
</Limit>

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

edit: the bottom part is for enforcing https

I add this file after each update because it gets overwritten.
 
Hi zEitEr

Thanks for responding. I think the website I originally got the snippet of code from was referring to phpMyAdmin.conf and not .htaccess and around the same time, I was reading pages also referring to htaccess, hence the confusion. I never did find out the location of phpMyAdmin.conf, but the htaccess solution works.

Regards
 
Back
Top