Securing phpMyAdmin on Ubuntu with Apache2 and MySQL
Hardening phpMyAdmin || Securing phpMyAdmin
Embedded Files
PHPMYADMIN is a popular web-based administration tool for managing MySQL databases. However, its default setup can pose security risks if not properly configured. In this guide, we'll walk through the steps to secure phpMyAdmin on Ubuntu using Apache2 and MySQL.
Step 1: Install MySQL Server
Step 1: Install MySQL Server
First, we need to install MySQL Server on our Ubuntu system:
sudo apt install mysql-server -y
After installing MySQL Server, we'll need to create a user with appropriate privileges:
sudo mysql -u root
CREATE USER 'user'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost' WITH GRANT OPTION;
Replace 'user' and 'password' with your desired username and password.
Step 2: Install Apache2 and phpMyAdmin
Step 2: Install Apache2 and phpMyAdmin
Next, we'll install Apache2, phpMyAdmin, and other necessary packages:
sudo apt-get install apache2 apache2-utils mcrypt php libapache2-mod-php php-curl php-json php-cgi php-mbstring php-zip php-gd php-mysql php-mysqli phpmyadmin -y
Step 3: Enable PHP mbstring module
Step 3: Enable PHP mbstring module
Enable the PHP mbstring module, which is required for phpMyAdmin:
sudo phpenmod mbstring
sudo systemctl restart apache2
Step 4: Configure phpMyAdmin with Apache2
Step 4: Configure phpMyAdmin with Apache2
Create a symlink for phpMyAdmin configuration files:
sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
Enable the phpMyAdmin configuration and reload Apache:
sudo a2enconf phpmyadmin
sudo systemctl reload apache2
Step 5: Change phpMyAdmin Alias
Step 5: Change phpMyAdmin Alias
Changing the default directory alias adds an extra layer of security. Edit the Apache configuration file:
sudo nano /etc/phpmyadmin/apache.conf
Replace the default Alias with a custom one:
Alias /custom_alias /usr/share/phpmyadmin
Save the file and restart Apache:
sudo systemctl reload apache2
Step 6: Set up Password Based Authentication
Step 6: Set up Password Based Authentication
Add authentication to phpMyAdmin using Apache's .htaccess file:
sudo nano /usr/share/phpmyadmin/.htaccess
Add the following configuration:
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Create a username and password for authentication:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
Replace 'username' with your desired username. You'll be prompted to set a password.
Restart Apache to apply the changes:
sudo systemctl reload apache2
Step 7: Restrict Access to Specific IP Address
Step 7: Restrict Access to Specific IP Address
If desired, restrict access to phpMyAdmin to specific IP addresses:
sudo nano /etc/phpmyadmin/apache.conf
Add the following configuration within the Directory block:
Order Deny,Allow
Deny from All
Allow from 192.168.1.1
Replace '192.168.1.1' with your allowed IP address.
Restart Apache for the changes to take effect:
The full configuration file should now be similar to the following:
Alias /custom_alias /usr/share/phpmyadmin
Alias /custom_alias /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
AllowOverride All
AllowOverride All
# limit libapache2-mod-php to files and directories necessary by pma
<IfModule mod_php7.c>
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpmyadmin/:/usr/share/php/phpseclib/:/usr/share/php/PhpMyAdmin/:/usr/share/php/Symfony/:/usr/share/php/Twig/:/usr/share/php/Twig-Extensions/:/usr/share/php/ReCaptcha/:/usr/share/php/Psr/Container/:/usr/share/php/Psr/Cache/:/usr/share/php/Psr/Log/:/usr/share/php/Psr/SimpleCache/
</IfModule>
Order Deny,Allow
Deny from All
Allow from 192.168.1.1
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
sudo systemctl reload apache2
Step 8: Custom PHP Configuration
Step 8: Custom PHP Configuration
For additional security, customize PHP settings in phpMyAdmin's configuration file:
sudo nano /etc/phpmyadmin/config.inc.php
Add custom PHP configurations:
/* Custom Security Configuration */
$cfg['LoginCookieValidity'] = 14400;
$cfg['LoginCookieRecall'] = false;
$cfg['AllowUserDropDatabase'] = false;
$cfg['ShowServerInfo'] = false;
$cfg['RestrictPaths'] = yes;
Save the file and restart Apache:
sudo systemctl reload apache2
By following these steps, you'll have secured your phpMyAdmin installation on Ubuntu, enhancing the overall security of your MySQL databases.
Securing phpMyAdmin on Apache Server: A Comprehensive Guide
Securing phpMyAdmin on Apache Server: A Comprehensive Guide
phpMyAdmin is a popular web-based tool for managing MySQL and MariaDB databases. While it's incredibly useful for database administration tasks, it's essential to ensure its security to prevent unauthorized access to sensitive data. In this guide, we'll walk through the steps to secure phpMyAdmin on an Apache web server.
Step 1: Edit Apache Configuration
sudo nano /etc/apache2/sites-available/000-default.conf
In the Apache configuration file, add the following Alias directive to allow access to phpMyAdmin:
Alias /citpl-phpmyadmin /usr/share/phpmyadmin
Step 2: Set Permissions and Ownership
sudo chown www-data:www-data /etc/phpmyadmin/.htpasswd
sudo chmod 640 /etc/phpmyadmin/.htpasswd
sudo chown -R www-data:www-data /etc/phpmyadmin
sudo chmod -R 750 /etc/phpmyadmin
sudo chmod 750 /etc/phpmyadmin
Step 3: Enable Apache Modules
sudo a2enmod auth_basic
sudo a2enmod authn_file
sudo a2enmod rewrite
Step 4: Reload AppArmor and Apache
sudo systemctl reload apparmor
sudo systemctl restart apache2
Step 5: Monitor Logs for Errors
sudo systemctl status apparmor.service
sudo journalctl -xeu apparmor.service
sudo apachectl configtest
sudo tail -f /var/log/apache2/error.log
Step 6: Configure Authentication
sudo nano /usr/share/phpmyadmin/.htaccess
Add the following lines to the `.htaccess` file:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Step 7: Restrict Access with AppArmor
sudo nano /etc/apparmor.d/usr.sbin.apache2
Add the following line to restrict access to the `.htpasswd` file:
/etc/phpmyadmin/.htpasswd r,
Step 8: Configure phpMyAdmin Directory
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Add the following configuration to the file:
# phpMyAdmin default Apache configuration
# Alias for accessing phpMyAdmin
Alias /citpl-phpmyadmin /usr/share/phpmyadmin
# Directory configuration for phpMyAdmin
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
# PHP settings for phpMyAdmin
<IfModule mod_php7.c>
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/usr/share/doc/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
</IfModule>
# PHP 8+ settings for phpMyAdmin
<IfModule mod_php.c>
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/usr/share/doc/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
</IfModule>
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/templates>
Require all denied
</Directory>
<Directory /usr/share/phpmyadmin/libraries>
Require all denied
</Directory>
Conclusion
Securing phpMyAdmin is crucial for protecting your database from unauthorized access. By following these steps, you can ensure that phpMyAdmin is properly configured and accessible only to authorised users. Remember to regularly update and review your security measures to keep your data safe.
Google Sites
Report abuse