Restrict phpmyadmin access to local ip

At home I am running Debian Jessie to provide some web applications to the internet. Everything is setup to run with ssl only. But even with encryption there are some services I just don’t want to expose to the world. One of them is phpmyadmin. I only need the application occasionally, but for those occasions it is really practical.

I tried an awful lot of ways to restrict the application to the local subnet only. I tried .htaccess files, that just got ignored. I tried things like “Deny All” in my <Directory> statement, but nothing seemed to work. I finally stumbled upon this post to the Fedora forums which holds the truth for my environment.

Edit the file: /etc/phpmyadmin/apache.conf and add the following lines (in bold):
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_authz_core.c>
        # Apache 2.4
            Require ip
            Require ip

If you are on another private subnet, just update the bit to match your specific subnet. In the unlikely event that you don’t have mod_authz_core enabled, you can enable it on the console with:

# a2enmod authz_core

Leave a Reply