Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th October 2008, 16:47
hhhhhh hhhhhh is offline
Member
 
Join Date: Sep 2008
Posts: 36
Thanks: 10
Thanked 0 Times in 0 Posts
Default Protect phpMyAdmin directory issue

Hello,

I am running Apache2 in my server and the following configuration:

I've installed phpMyAdmin and I linked from /usr/shared/phpmyadmin to /var/www/phpmyadmin

I have few websites in the server using sites enabled so I have:
/var/www/domain1/
/var/www/domain2/
...

If I write on address bar the following:
Code:
www.domain1.com/phpmyadmin
the user will go to phpmyadmin page, it is not protected.

How can I protect this directory with user and password?

I tried the following:

I create a .htaccess file with the following info inside /var/www/phpmyadmin

Code:
AuthUserFile /etc/secret/.htpasswd
AuthName "Login page"
AuthType Basic
Require valid-user
And I create a .htpasswd file in /etc/secret with the following info:
Code:
User1:PasswordEncriptedWithmd5
But the result is nothing, when I put on url address
Code:
www.domain1.com/phpmyadmin
the page show all without protection.

I think that I need to add another thing but I don't know what is.

Anyone can help me?

Thanks in advance!
Reply With Quote
Sponsored Links
  #2  
Old 8th October 2008, 12:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

There should be a config.php file in /usr/shared/phpmyadmin where you can specify the authentication method.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
hhhhhh (8th October 2008)
  #3  
Old 8th October 2008, 14:06
hhhhhh hhhhhh is offline
Member
 
Join Date: Sep 2008
Posts: 36
Thanks: 10
Thanked 0 Times in 0 Posts
Default

Hi falko,
Thank you for your reply.
I search inside this folder and found the following files:

config.inc.php
congif.sample.inc.php
config.footer.inc.php
config.header.inc.php

Config.inc.php has got the following inside:

PHP Code:
<?php
/**
 * Please, do not edit this file. The configuration file for Debian
 * is located in the /etc/phpmyadmin directory.
 */

// Load secret generated on postinst
include('/var/lib/phpmyadmin/blowfish_secret.inc.php');

// Load autoconf local config
include('/var/lib/phpmyadmin/config.inc.php');

// Load user's local config
include('/etc/phpmyadmin/config.inc.php');

// Set the default server if there is no defined
if (!isset($cfg['Servers'])) {
    
$cfg['Servers'][1]['host'] = 'localhost';
}

// Set the default values for $cfg['Servers'] entries
for ($i=1; (!empty($cfg['Servers'][$i]['host']) || (isset($cfg['Servers'][$i]['connect_type']) && $cfg['Servers'][$i]['connect_type'] == 'socket')); $i++) {
    if (!isset(
$cfg['Servers'][$i]['auth_type'])) {
        
$cfg['Servers'][$i]['auth_type'] = 'cookie';
    }
    if (!isset(
$cfg['Servers'][$i]['host'])) {
        
$cfg['Servers'][$i]['host'] = 'localhost';
    }
    if (!isset(
$cfg['Servers'][$i]['connect_type'])) {
        
$cfg['Servers'][$i]['connect_type'] = 'tcp';
    }
    if (!isset(
$cfg['Servers'][$i]['compress'])) {
        
$cfg['Servers'][$i]['compress'] = false;
    }
    if (!isset(
$cfg['Servers'][$i]['extension'])) {
        
$cfg['Servers'][$i]['extension'] = 'mysql';
    }
}


And config.sample.inc.php has got it:
PHP Code:
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * phpMyAdmin sample configuration, you can use it as base for
 * manual configuration. For easier setup you can use scripts/setup.php
 *
 * All directives are explained in Documentation.html and on phpMyAdmin
 * wiki <http://wiki.cihar.com>.
 *
 * @version $Id: config.sample.inc.php 10142 2007-03-20 10:32:13Z cybot_tm $
 */

/*
 * This is needed for cookie based authentication to encrypt password in
 * cookie
 */
$cfg['blowfish_secret'] = ''/* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/*
 * Servers configuration
 */
$i 0;

/*
 * First server
 */
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
/* Select mysqli if your server has it */
$cfg['Servers'][$i]['extension'] = 'mysql';
/* User for advanced features */
// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
/* Advanced phpMyAdmin features */
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
// $cfg['Servers'][$i]['relation'] = 'pma_relation';
// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';
// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';
// $cfg['Servers'][$i]['history'] = 'pma_history';
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';

/*
 * End of servers configuration
 */

/*
 * Directories for saving/loading files from server
 */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';

?>
There are the default configuration.

How can I modify this files to allow the protection?

Maybe removing the comment in these lines:?

// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';

Thank you in advance
Reply With Quote
  #4  
Old 9th October 2008, 18:22
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Please check /var/lib/phpmyadmin/config.inc.php and /etc/phpmyadmin/config.inc.php.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 10th October 2008, 00:08
hhhhhh hhhhhh is offline
Member
 
Join Date: Sep 2008
Posts: 36
Thanks: 10
Thanked 0 Times in 0 Posts
Default

Hi falko,

Thanks for your reply

I've checked /var/lib/phpmyadmin/config.inc.php and it is empty

And /etc/phpmyadmin/config.inc.php display the following:

PHP Code:
<?php
/**
 * Debian local configuration file
 *
 * This file overrides the settings made by phpMyAdmin interactive setup
 * utility.
 *
 * For example configuration see /usr/share/doc/phpmyadmin/examples/config.default.php.gz
 *
 * NOTE: do not add security sensitive data to this file (like passwords)
 * unless you really know what you're doing. If you do, any user that can
 * run PHP or CGI on your webserver will be able to read them. If you still
 * want to do this, make sure to properly secure the access to this file
 * (also on the filesystem level).
 */

/**
 * Server(s) configuration
 */
$i 0;
// The $cfg['Servers'] array starts with $cfg['Servers'][1].  Do not use $cfg['Servers'][0].
// You can disable a server config entry by setting host to ''.
$i++;

/* Authentication type */
//$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
//$cfg['Servers'][$i]['host'] = 'localhost';
//$cfg['Servers'][$i]['connect_type'] = 'tcp';
//$cfg['Servers'][$i]['compress'] = false;
/* Select mysqli if your server has it */
//$cfg['Servers'][$i]['extension'] = 'mysql';
/* Optional: User for advanced features */
// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
/* Optional: Advanced phpMyAdmin features */
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
// $cfg['Servers'][$i]['relation'] = 'pma_relation';
// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';
// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';
// $cfg['Servers'][$i]['history'] = 'pma_history';
// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';

/*
 * End of servers configuration
 */

/*
 * Directories for saving/loading files from server
 */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
Should I remove the comments in //$cfg['Servers'][$i]['auth_type'] = 'cookie'; line?

Thanks in advance!
Reply With Quote
  #6  
Old 10th October 2008, 14:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Yes, you can try that.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 10th October 2008, 16:50
hhhhhh hhhhhh is offline
Member
 
Join Date: Sep 2008
Posts: 36
Thanks: 10
Thanked 0 Times in 0 Posts
Default

The same, User&pass alert from .htaccess didn't show
Reply With Quote
  #8  
Old 11th October 2008, 18:58
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Can you post the vhost configuration for domain1?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 11th October 2008, 22:34
hhhhhh hhhhhh is offline
Member
 
Join Date: Sep 2008
Posts: 36
Thanks: 10
Thanked 0 Times in 0 Posts
Default

Hello!

Thank you for your reply and support!

Code:
<VirtualHost *>
        ServerAdmin root@domain1.info
        ServerName www.domain1.com
        DocumentRoot /var/www/domain1/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/domain1/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>
It is located in /etc/apache2/sites-available/domain1.com

Thank you!!
Reply With Quote
  #10  
Old 12th October 2008, 17:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
 
Default

What's the output of
Code:
ls -la /var/www/domain1/
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 10:46
add web site serr57 Installation/Configuration 18 13th April 2008 11:40
directories in /home/admispconfig/ispconfig renamed? Spudchat General 10 12th April 2007 19:37
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
64-bit Debian 3.1 Install Issue naruto Installation/Configuration 14 5th September 2006 04:12


All times are GMT +2. The time now is 17:33.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.