Protect phpMyAdmin via .htaccess and SSH tunnel

phpMyAdmin is a free web application for working with MySQL; it provides a convenient visual front end to MySQL's capabilities. Many website administrators have set up phpMyAdmin to manage their MySQL databases.

However, by default, anyone can reach your phpMyAdmin at the URL <your_hostname>/phpmyadmin. It is necessary to restrict access to phpMyAdmin to protect your website.

This post describes three ways to protect your phpMyAdmin.

  1. Change the URL of your phpMyAdmin to a private name using the alias method.
  2. Protect your phpMyAdmin by allowing visits only from known IP addresses.
  3. Protect your phpMyAdmin by using an SSH tunnel (this is much safer).

1. Change the default URL of your phpMyAdmin

By default, your phpMyAdmin URL is

You can change it to a different name that is known only to you.

Open the file: /etc/phpmyadmin/apache.conf

Then change the following line:

into 

Then restart Apache by running the following command:

Now the URL becomes: <your_host_name>/mynewadmin

2. Restrict your phpMyAdmin by IP address via .htaccess

You can further protect your phpMyAdmin by allowing only known IP addresses to access it.

1. Set up the .htaccess file

You need to set up apache.conf to allow the .htaccess file to work within the phpMyAdmin directory.

First, edit the file

In the Directory section, add the line “AllowOverride All” under “DirectoryIndex”.

Now the section looks like this:

2. Create the .htaccess file in the phpMyAdmin directory

Create the .htaccess file under the /usr/share/phpmyadmin directory:

Add the following line:

Now only a computer with the specified IP address can access the URL.

3. Use an SSH tunnel to further protect your phpMyAdmin

We can also deny access to phpMyAdmin from every IP address except 127.0.0.1.

So we set the following content in the .htaccess file /usr/share/phpmyadmin/.htaccess:

Then we can access phpMyAdmin through an SSH tunnel.

Run 

Then open your browser and enter http://localhost:8888/phpmyadmin.
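
As a check on the loopback-only rule from step 3, the following shell function audits an .htaccess file and reports any directive that admits a non-loopback client. It is an added example, not code from the original post; the function name and the sample file are constructed, and it assumes a flat file using either Apache 2.2 `Order`/`Allow`/`Deny` or Apache 2.4 `Require` directives.

```shell
#!/bin/sh
# Added example (not from the original post): audit an .htaccess file for the
# loopback-only restriction described in step 3. Handles flat directives only
# (no <RequireAny>/<RequireAll> containers, no "Require not").
# Returns 0 when the file names a loopback source and admits nothing wider,
# 1 otherwise, 2 if the file cannot be read.
htaccess_loopback_only() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        function check(a) {
            if (a == "127.0.0.1" || a == "::1") { ok++ }
            else { bad++; print "non-loopback source allowed: " a }
        }
        /^[ \t]*#/ { next }                  # skip comment lines
        { $0 = tolower($0) }                 # directive names are case-insensitive
        # Apache 2.2 (mod_access_compat) syntax
        $1 == "order"                                { ord = $2 }
        $1 == "deny"  && $2 == "from" && $3 == "all" { denyall = 1 }
        $1 == "allow" && $2 == "from" {
            legacy = 1
            for (i = 3; i <= NF; i++) { check($i) }
        }
        # Apache 2.4 (mod_authz_core) syntax
        $1 == "require" {
            if ($2 == "local") { ok++ }
            else if ($2 == "ip") { for (i = 3; i <= NF; i++) { check($i) } }
            else if (!($2 == "all" && $3 == "denied")) { bad++; print "too wide: " $0 }
        }
        END {
            # 2.2 rules default to allow unless "Order allow,deny" or "Deny from all"
            if (legacy && ord != "allow,deny" && !denyall) {
                bad++; print "Allow without a default deny"
            }
            if (bad > 0 || ok == 0) { exit 1 }
        }
    ' "$1"
}

# Constructed sample: the Apache 2.4 form of a loopback-only rule.
sample=$(mktemp)
printf '%s\n' '# phpMyAdmin: loopback only' 'Require ip 127.0.0.1' > "$sample"
htaccess_loopback_only "$sample" && echo "loopback-only: OK"
rm -f "$sample"
```

Run it against /usr/share/phpmyadmin/.htaccess after editing the file; a non-zero return means some client other than 127.0.0.1 can still reach phpMyAdmin without the tunnel.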

If you use PuTTY, please refer to this post on how to access a remote server through an SSH tunnel using PuTTY.

After entering your hostname in the Session section, click Connection -> SSH -> Auth, then click Browse to select your private key.

Then click Auth -> Tunnels:

In the Source port box, enter 8888.

In the Destination box, enter 127.0.0.1:80.

Then click the Add button.

Then click the Open button to start the SSH tunnel session.

Once you open your SSH connection through PuTTY, you can access phpMyAdmin by entering the following URL into the address bar of your browser: