Apache HTTP Server
Dmitry, 2010-09-16 13:11:18

How to disable http access to a specific site address?

Own server: FreeBSD, Apache, PHP.
The site opens over both http and https. I hooked up phpMyAdmin; here is an excerpt from httpd.conf:

Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"

<Directory "/usr/local/www/sites/phpMyAdmin/">
 Options none
 AllowOverride Limit

 Order Deny,Allow
 Deny from all
 Allow from all

I noticed that someone is sorting through all the popular addresses, hoping to stumble upon phpMyAdmin.
error.log:

[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpmyadmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpMyAdmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/db
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/web
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/PMA
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/admin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/mysql

And as a result, he still stumbles upon the right address. What is the easiest way (I'm still new to these things) to protect myself from such searches, or at least make them unsuccessful?
There is an idea to block access via http to the address mysite.ru/myadmin, so that it would be opened only via https (without redirects), but I don't know how to do this either.
What do you advise?
Thank you in advance.

7 answer(s)
digreen, 2010-09-16
@digreen

Here are more details, if so.

netme, 2010-09-16
@netme

If myadmin needs to be moved to https only, I would prefer to separate http and https into separate virtual hosts.
It will look something like this:
<VirtualHost *:80>
...
</VirtualHost>
<VirtualHost *:443>
Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"
SSLEngine on
SSLCertificateFile /path/to/certificate
<Directory "/usr/local/www/sites/phpMyAdmin/">
...
</Directory>
</VirtualHost>
The configuration file is located in /usr/local/etc/apache22/extra and is called something like httpd-vhosts.conf, but it must first be uncommented in the main apache config file.

lehha, 2010-09-16
@lehha

Searches will always remain, as well as passwords for SSH.
As the easiest option - change the name of the folder where phpmyadmin is located, or put everything important in a subfolder, for example:
site/xxsecret/phpmyadmin/
As the second option - .htaccess - indicating your IP:
Order Deny,Allow
Deny From All
Allow From 127.0.0.1 127.0.0.2

digreen, 2010-09-16
@digreen

Just put this address in Deny from, no?

dAverk, 2010-09-16
@dAverk

fail2ban

Zazza, 2010-09-16
@Zazza

Searches are most often carried out by bots with a rather limited database of logins and passwords. Most often, you can get by with a good login-password combination.
As for moving phpMyAdmin, it's easier to make a second host (Apache config) for https connections. And accordingly, for http: deny from all for the folder with phpMyAdmin; for the second config: allow from all.

artemlight, 2010-09-16
@artemlight

You can make a phpmyadmin folder and hang htaccess on it with a long password,
and put phpMyAdmin itself somewhere deeper.
And then read the logs and enjoy life.
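
The suggestions in this thread combined into one virtual-host layout, as an added example that is not from any of the posters: the port-80 host refuses /myadmin with a 403 (no redirect), and only the port-443 host maps it, behind an address check and a password. The server name and phpMyAdmin path come from the question; the DocumentRoot is inferred from the error.log paths; the admin address, key path and password file path are placeholders.

```apache
# Added example, Apache 2.2 syntax as used in this thread.
# Assumptions: mod_ssl is loaded and "Listen 443" is set elsewhere; the
# DocumentRoot is inferred from the error.log paths; 203.0.113.10, the key
# path and the AuthUserFile path are placeholders.
#
# First remove the global "Alias /myadmin ..." from httpd.conf: main-server
# settings are inherited by every virtual host, including the one on port 80.

<VirtualHost *:80>
    ServerName mysite.ru
    DocumentRoot "/usr/local/www/sites/data"

    # No Alias here, so /myadmin is not mapped over plain HTTP. The explicit
    # deny is a second layer in case an Alias is inherited again later.
    <Location /myadmin>
        Order Deny,Allow
        Deny from all
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName mysite.ru
    DocumentRoot "/usr/local/www/sites/data"

    SSLEngine on
    SSLCertificateFile    /path/to/certificate
    SSLCertificateKeyFile /path/to/private.key

    Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"
    <Directory "/usr/local/www/sites/phpMyAdmin/">
        Options None
        # Access rules live in this file, so .htaccess overrides are off
        AllowOverride None

        # Deny,Allow: Deny is evaluated first, then Allow overrides it
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10

        # Password on top of the address check; Satisfy All requires both
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /usr/local/etc/apache22/myadmin.htpasswd
        Require valid-user
        Satisfy All
    </Directory>
</VirtualHost>
```

Check the syntax with `apachectl configtest` before restarting Apache.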
