At home I am running Debian Jessie to provide some web applications to the internet. Everything is setup to run with ssl only. But even with encryption there are some services I just don’t want to expose to the world. One of them is phpmyadmin. I only need the application occasionally, but for those occasions it is really practical.

I tried an awful lot of ways to restrict the application to the local subnet only. I tried .htaccess files, that just got ignored. I tried things like “Deny All” in my <Directory> statement, but nothing seemed to work. I finally stumbled upon this post to the Fedora forums which holds the truth for my environment.

Edit the file: /etc/phpmyadmin/apache.conf and add the following lines (in bold):
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require ip 127.0.0.1
            Require ip 192.168.1.0/24
        </RequireAny>
    </IfModule>

If you are on another private subnet, just update the 192.168.1.0 bit to match your specific subnet. In the unlikely event that you don’t have mod_authz_core enabled, you can enable it on the console with:

# a2enmod authz_core