Improving the security of PHPMyAdmin and rspamd (UI)

Discussion in 'Tips/Tricks/Mods' started by Th0m, Mar 6, 2021.

  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Disallow access for certain database users in PHPMyAdmin
    Add this to the end of the PHPMyAdmin config (/usr/share/phpmyadmin/config.inc.php):
    Code:
    // Disallow login from root and ispconfig users
    $cfg['Servers'][$i]['AllowRoot'] = FALSE;
    $cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
    $cfg['Servers'][$i]['AllowDeny']['rules'] = array(
        'deny ispconfig from all',
        'deny debian-sys-maint from all',
    );
    (Thanks @Jesse Norell for this snippet)

    Only allow certain IP addresses to access PHPMyAdmin:
    Code:
    sudo nano /etc/apache2/conf-available/phpmyadmin.conf
    Add this under <Directory /usr/share/phpmyadmin>:
    Code:
    AllowOverride AuthConfig
    Now restart Apache2:
    Code:
    sudo systemctl restart apache2
    Open a .htaccess file in the PHPMyAdmin web folder:
    Code:
    sudo nano /usr/share/phpmyadmin/.htaccess
    Add this:
    Code:
    # Allow access from trusted IP addresses:
    <RequireAny>
     Require all denied
     Require ip 93.184.216.34
     Require ip 10.0.64.0/24
    </RequireAny>
    Change the IP address/range to the IP addresses you want to allow.

    Two-factor authentication for PHPMyAdmin
    You can set up two-factor authentication by logging in to PHPMyAdmin and going to settings -> Two-factor authentication.

    Only allow certain IP addresses to access rspamd:
    Go to the site you created for your host (for example, mx1.example.com) in the ISPConfig panel. If you followed one of the guides to set up rspamd on the forum, the following snippet has to be used:
    Code:
    <Location /rspamd>
    <RequireAny>
     Require all denied
     Require ip 93.184.216.34
     Require ip 10.0.64.0/24
    </RequireAny>
    </Location>
    Change the IP address/range to the IP addresses you want to allow.
     
    Last edited: Mar 6, 2021
    felan, concept21, madmucho and 3 others like this.
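An added example, not part of the original post: a small Python check that parses the `<RequireAny>` allowlist used above for both PHPMyAdmin and rspamd and reports which client addresses it would admit, so a rule set can be reviewed before Apache is reloaded. The function names, the sample client addresses and the 256-address audit threshold are assumptions made for this example; only full addresses and CIDR ranges are handled.

```python
import ipaddress

# The .htaccess block from the post (same rules as the rspamd <Location> block).
HTACCESS = """\
<RequireAny>
 Require all denied
 Require ip 93.184.216.34
 Require ip 10.0.64.0/24
</RequireAny>
"""

def parse_require_any(text):
    """Return the networks named by 'Require ip' lines in a <RequireAny> block.

    Anything other than 'Require ip' with full addresses or CIDR ranges, or
    'Require all denied', raises ValueError so no rule is skipped unreviewed.
    """
    networks = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0].lower() != "require":
            continue  # container tags, blank lines, comments
        kind, args = words[1].lower(), words[2:]
        if kind == "all" and args == ["denied"]:
            continue  # never matches, so inside RequireAny it grants nothing
        if kind != "ip" or not args:
            raise ValueError(f"unsupported rule: {raw.strip()}")
        networks += [ipaddress.ip_network(a) for a in args]
    return networks

def is_allowed(client, networks):
    """RequireAny semantics: access is granted if any single rule matches."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in networks)

def audit(networks, max_hosts=256):
    """List entries wider than max_hosts addresses (for example a mistyped /8)."""
    return [str(n) for n in networks if n.num_addresses > max_hosts]

if __name__ == "__main__":
    nets = parse_require_any(HTACCESS)
    # Constructed sample clients: two inside the allowlist, two outside.
    for client in ("93.184.216.34", "10.0.64.17", "10.0.65.1", "203.0.113.9"):
        print(client, "allowed" if is_allowed(client, nets) else "denied (403)")
    print("overly broad entries:", audit(nets))
```

Because `Require all denied` never matches, only the `Require ip` lines decide access inside `<RequireAny>`, which is why the parser skips it.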
  2. Wade John Beckett

    Wade John Beckett New Member

    Would there be an option for NGINX?
     
    ahrasis likes this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I don't use nginx, so I currently don't have an example for this.
     
    Wade John Beckett likes this.
  4. concept21

    concept21 Active Member HowtoForge Supporter

    Nice.

    It seems that the Russian bloc is the biggest investor of Nginx. :cool:

    I like Apache2 myself. It has many more options, is easier to configure, and now has the newest event MPM - very fast! :D
     
    Wade John Beckett likes this.
