Block /phpmyadmin for none DirectAdmin logged-in users

nservices (Verified User, joined Dec 11, 2008, 301 messages)
Hi,
Is it possible to add some script/check to the /phpmyadmin URL that allows access only if the client has already logged in to the DirectAdmin panel?

So, if a hacker has the DB access but not the DA access, they still can't log in.

Regards,
 
Hello,

By default you log in to DirectAdmin as a user, and its name is not the same as the MySQL user which you use to connect to your DB. I mean, if you log in to DirectAdmin as bob, by default you are not allowed to connect to MySQL as bob; you need to have another user, let's say bob_db1, to connect to your DB. Thus different usernames are used to authenticate in DirectAdmin and in phpMyAdmin. So there cannot be one form for authentication without changes on DirectAdmin's side, so Signon authentication mode cannot be used here. Anybody, please correct me if I'm wrong here.

Thus, to achieve the desired result, requests to phpMyAdmin might need to be proxied via DirectAdmin, or you need to check and validate the cookies created by DirectAdmin in phpMyAdmin. But you will still need to authenticate in phpMyAdmin using a valid MySQL user.

Another issue is that some of us may share access to phpMyAdmin with members of a team, and if you need to give a developer access to phpMyAdmin you might not want him/her to access DirectAdmin.

Please anyone share your thoughts.
 
Random idea, create:
Code:
/usr/local/directadmin/scripts/custom/all_post.sh
with code
Code:
#!/bin/sh
# Rebuild the phpMyAdmin .htaccess so that only IPs with a live DirectAdmin session are allowed.
HTA=/var/www/html/phpMyAdmin/.htaccess
TMP="$HTA.tmp.$$"

# Assemble the whole file in a temp file first, then copy it over in one step,
# so the web server never reads a half-written (deny-all) .htaccess.
{
  echo '<Limit GET POST>'
  echo ' order deny,allow'
  echo ' deny from all'
  # One "allow" line per unique IP found in the session files (-h drops the file names)
  grep -h '^ip=' /usr/local/directadmin/data/sessions/da_sess_* 2>/dev/null \
    | cut -d= -f2 | sort -u \
    | while read -r ip; do
        echo " allow from $ip"
      done
  echo '</Limit>'
  echo '<Limit PUT DELETE>'
  echo ' order deny,allow'
  echo ' deny from all'
  echo '</Limit>'
} > "$TMP"
# cat instead of mv keeps the existing owner/permissions of .htaccess
cat "$TMP" > "$HTA" && rm -f "$TMP"

exit 0
It's not the most disk-efficient, but it would keep the .htaccess updated with only the IPs listed in the sessions.

Just keep in mind that "demo" counts in that list, so be sure not to allow demo logins if you use this method, or tweak it a bit more to only count IPs that do not have demo in their session file.

John
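Picking up John's demo caveat, here is an added example (not John's script and not DirectAdmin's own code) that skips demo sessions and swaps the file in atomically. It assumes session files are key=value lines with an `ip=` line and a `username=` line (the `username` key is an assumption), and that a demo session carries `username=demo`.

```shell
#!/bin/sh
# Added example: collect the IPs of live DirectAdmin sessions, skipping demo
# logins, and rewrite the phpMyAdmin .htaccess atomically so there is never a
# moment in which a half-written file denies everyone.
# Assumption: session files contain "ip=" and "username=" lines.

# Print one unique IP per line for every session whose username is not "demo".
da_allowed_ips() {
    sessions_dir=$1
    for f in "$sessions_dir"/da_sess_*; do
        [ -f "$f" ] || continue
        # Skip sessions belonging to the demo account (key name is an assumption)
        if grep -q '^username=demo$' "$f"; then
            continue
        fi
        sed -n 's/^ip=//p' "$f"
    done | sort -u
}

# Build the .htaccess text from an IP list on stdin (Apache 2.2 access syntax,
# provided by mod_access_compat on 2.4), denying everything else.
build_htaccess() {
    echo '<Limit GET POST>'
    echo ' order deny,allow'
    echo ' deny from all'
    while read -r ip; do
        echo " allow from $ip"
    done
    echo '</Limit>'
    echo '<Limit PUT DELETE>'
    echo ' order deny,allow'
    echo ' deny from all'
    echo '</Limit>'
}

# Regenerate $2 from the sessions in $1: write a temp file, then rename it into
# place so readers never see a partial file. The renamed file takes the owner
# of the user running this script, so run it as a user Apache can read from.
update_htaccess() {
    sessions_dir=$1
    hta=$2
    tmp="$hta.tmp.$$"
    da_allowed_ips "$sessions_dir" | build_htaccess > "$tmp" && mv -f "$tmp" "$hta"
}
```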
 
Long-time update. Not sure if this is still relevant, but after applying the above I'm getting this error:

Code:
Command Returned
Details:
sh: /usr/local/directadmin/scripts/custom/all_post.sh: Permission denied

I'm trying to limit access to phpMyAdmin to myself only, because I'm seeing a lot of increased traffic from bots trying to hack into phpMyAdmin.

Edit:
After creating all_post.sh I changed its owner to diradmin:diradmin and created /var/www/html/phpMyAdmin/.htaccess with webapps:webapps ownership (I tried diradmin as owner, but that didn't work either).
 