Answer the question
In order to leave comments, you need to log in
D
D
Dmitry2010-09-16 13:11:18
Dmitry, 2010-09-16 13:11:18
How to disable http access to a specific site address?
Own server FreeBSD, Apache, php.
The site opens both on http and https. Screwed phpMyAdmin, here is an excerpt from httpd.conf
Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"<br/>
<br/>
<Directory "/usr/local/www/sites/phpMyAdmin/"><br/>
Options none<br/>
AllowOverride Limit<br/>
<br/>
Order Deny,Allow<br/>
Deny from all<br/>
Allow from all<br/>I noticed that someone is sorting through all the popular addresses, hoping to stumble upon phpMyAdmin
error.log:<br/>
<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpmyadmin<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpMyAdmin<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/db<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/web<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/PMA<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/admin<br/>
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/mysql<br/>And as a result, he still stumbles upon the right address. What is the easiest way (I'm still new to these things) to protect myself from such searches, or at least make them unsuccessful?
There is an idea to block access via http to the address mysite.ru/myadmin , so that it would be opened only via https (without redirects), but I don’t know how to do this either.
How do you advise?
Thank you in advance.
7 answer(s)
@netme
@lehha
@Zazza
@artemlight
N
netme, 2010-09-16 @netme
If myadmin needs to be moved to https only, I would prefer to separate http and https into separate virtual hosts.
It will look something like this:
<VirtualHost *:80>
...
<VirtualHost *:443>
Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"
SSLEngine on
SSLCertificateFile /path/to/certificate
<Directory "/usr/local /www/sites/phpMyAdmin/">
...
The configuration file is located in /usr/local/etc/apache22/extra and is called something like httpd-vhosts.conf, but it must first be uncommented in the main apache config file.
L
lehha, 2010-09-16 @lehha
Searches will always remain, as well as passwords for SSH.
As the easiest option - change the name of the folder where phpmyadmin is located, or put everything important in a subfolder, for example:
site/xxsecret/phpmyadmin/
As the second option - .htaccess - indicating your IP:
Order Allow,Deny
Deny From All
Allow From 127.0. 0.1 127.0.0.2
Z
Zazza, 2010-09-16 @Zazza
Searches are most often carried out by bots with a rather limited database of logins and passwords. Most often, you can get by with a good bunch of login-password.
As for the transfer of phpmyadmin, it's easier to make a second host (apache config) for https connections. And accordingly for http: deby from all for the folder with phpmyadmin, for the second config: allow from all
A
artemlight, 2010-09-16 @artemlight
You can make a phpmyadmin folder and hang htaccess on it with a long password.
and put phpmuadmin itself somewhere deeper
And then read the logs and enjoy life.
Similar questions
K
Kolya Vantukh2017-10-15 13:20:47
Why does it take a long time to send ajax requests to openserver?
2Reply
D
K
A
K
Konstantin2017-10-31 14:49:40
VPS. Everything slows down on Apache2, flies on nginx, what's wrong?
5Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question