Disabling PhpMyAdmin except for localhost

[xinan]

Hello,

i need to know the way to disable or deny phpmyadmin access except from localhost.

For example :
http://mysite.com/phpmyadmin <--i need to disable this

and only localhost can access phpmyadmin :
http://localhost/phpmyadmin

Any help is appreciated.

 

[smtalk]

.htaccess Allow/Deny rules: http://www.thelinuxblog.com/htaccess-allow-from/

 

[xinan]

Thank you very much,
I managed to disable outside access, so it's all good for now.
The only thing left is, even my localhost cant access it through http://localhost/phpmyadmin.

The error says

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.
More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This is my .htaccess config.

AuthName "phpMyAdmin Area"
AuthType Basic
AddType x-mapp-php5 .php
<Limit GET POST>
order deny,allow
deny from all
allow from localhost

I also try to put my ip address in "allow from xx.xxx.xx.xx" but it still returns the same error.

 

[smtalk]

Try: allow from 127.0.0.1

 

[nobaloney]

Isn't the problem that once you deny you can't allow from anyone?

Or am I misunderstanding the .htaccess file? that's very possible, because I don't write them regularly.

Jeff

 

[Crusader]

I had this working on my old server but can't, for the life of me, remember how.

I had it set to only respond on the main server IP address.

 

[xinan]

I'm sorry for not replying faster, for i got work to do.

smtalk :
I tried with 127.0.0.1, but it still failed. Did u know where did they put the error message (somewhere in /var/log/ but i dont know which one) so i can paste it here.

jlasman :
I dont know, but based on what the .htaccess said when i read the documentation (for god sakes who knows how long :<), it says the "allow" function override the "deny" one, but of course, i have no way of making that sure since i failed this one.

 

[LawsHosting]

Excuse me for butting in and apologise if I'm way off.......

are you wanting it to be only accessed via the actual server, as in typing http://localhost etc from a browser on the server itself, and not via WAN?

Edit: I knew this was going to be a pointless post lol

 

[xinan]

Yes,i want only the actual server (which i can access graphically using NX) to have access to phpmyadmin ( http://localhost/phpmyadmin )
More specifically, i'm using Debian 4.0 etch, Iceweasel (debian apparently like this browser over original firefox)Browser.

 

[floyd]

I think you might want:

order allow,deny
allow from localhost
deny from all

it says the "allow" function override the "deny" one

But I think that depends on the "order"

But I could be wrong. Something to try though.

 

[nobaloney]

I dont know, but based on what the .htaccess said when i read the documentation (for god sakes who knows how long :<), it says the "allow" function override the "deny" one, but of course, i have no way of making that sure since i failed this one.

I agree with Floyd; I believe it depends on the order.

Jeff

 

[smtalk]

http://httpd.apache.org/docs/2.2/howto/access.html, quote:

Using Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a Deny and an Allow directive:
Order deny,allow
Deny from all
Allow from dev.example.com

Listing just the Allow directive would not do what you want, because it will let folks from that host in, in addition to letting everyone in. What you want is to let only those folks in.