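Setting up an access whitelist for phpMyAdmin on the host
If a production site uses phpMyAdmin, always restrict the source IP addresses that are allowed, so that nobody else can reach the directory.
This page explains how to set up the whitelist on the web server side.
(Recommendation: avoid using phpMyAdmin wherever possible.)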
Apache
Apache offers several ways to set up the restriction list.
The first is through httpd.conf:
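<Directory "/var/www/html/phpmyadmin">
    Options All
    AllowOverride All
    # Several Require lines in one section are combined as RequireAny:
    # the listed addresses are granted, everyone else is denied
    Require all denied
    Require ip 192.168.1.xxx 192.168.1.xxx
</Directory>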
If you made the change in httpd.conf, restart the service once it is done:
service httpd restart
Another way is to edit apache.conf:
sudo vim /etc/phpmyadmin/apache.conf
In the file, move to <Directory /usr/share/phpmyadmin> and add the allowlist, for example:
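<Directory /usr/share/phpmyadmin>
    # Apache 2.2-style directives; Apache 2.4 accepts them only with mod_access_compat loaded
    Order Deny,Allow
    Deny from All
    #include your ip/subnet here
    Allow from 192.168.1.1
    Allow from 192.168.2.0/24
    Allow from <the_ip_address_of_your_browser_computer>
    # the directives already present in this block stay as they are
</Directory>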
Alternatively, add a .htaccess file directly in the phpMyAdmin directory with the following content:
# Only read when AllowOverride for this directory permits it (Limit or All)
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from 192.168.2.0/24
Allow from <the_ip_address_of_your_browser_computer>
Nginx
Nginx configuration:
sudo vim /etc/nginx/sites-available/default
and add the whitelist settings:
location /phpmyadmin {
    allow 192.168.1.1;
    allow 127.0.0.1;
    deny all;
}
As before, restart the server once the change is done:
service nginx restart
Another method is to put the settings in the main conf file:
vim /etc/nginx/nginx.conf
Settings:
server {
    location /phpmyadmin {
        allow 192.168.1.1;
        allow 192.168.2.0/24;
        deny all;
        root /usr/share/;
        index index.php index.html index.htm;
        location ~ ^/phpmyadmin/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            #fastcgi_pass 127.0.0.1:9000;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            # SCRIPT_FILENAME points under /var/www while root is /usr/share/;
            # both must lead to the same phpMyAdmin files
            fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }
        location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
    location /phpMyAdmin {
        rewrite ^/* /phpmyadmin last;
    }
}
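Nginx checks allow and deny rules in order and stops at the first match, and a client that matches no rule is let through, which is why the closing deny all matters. The Python script below is an added example, not part of the original page: it evaluates the rules of a single location block against client addresses and flags rule sets that fail open. The sample text is constructed from the addresses used above, parse_rules, decide and audit are hypothetical helper names, and Nginx location matching is not modelled.

```python
import ipaddress
import re

# Constructed sample: the allow/deny rules of the /phpmyadmin location above.
SAMPLE_CONF = """
location /phpmyadmin {
    allow 192.168.1.1;
    allow 192.168.2.0/24;
    deny all;
}
"""

RULE_RE = re.compile(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", re.MULTILINE)
EVERYONE = ("0.0.0.0/0", "::/0")  # what "all" covers

def parse_rules(conf_text):
    """Return the allow/deny directives, in file order, as (action, network) pairs."""
    rules = []
    for action, target in RULE_RE.findall(conf_text):
        if target == "unix:":  # UNIX-socket clients are outside this model
            continue
        for cidr in (EVERYONE if target == "all" else (target,)):
            rules.append((action, ipaddress.ip_network(cidr, strict=False)))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; a client matching no rule is allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if ip.version == net.version and ip in net:
            return action
    return "allow"

def audit(conf_text):
    """Report rule sets that fail open or contain rules that can never match."""
    targets = RULE_RE.findall(conf_text)
    if ("deny", "all") not in targets:
        return ["no 'deny all': clients not listed are allowed"]
    after = targets[targets.index(("deny", "all")) + 1:]
    return [f"'allow {t}' comes after 'deny all' and never matches"
            for a, t in after if a == "allow"]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for ip in ("192.168.1.1", "192.168.2.77", "203.0.113.5"):
        print(ip, decide(rules, ip))
    print(audit(SAMPLE_CONF) or "rule order looks fine")
```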