At home I am running Debian Jessie to provide some web applications to the internet. Everything is set up to run with SSL only. But even with encryption there are some services I just don’t want to expose to the world. One of them is phpMyAdmin. I only need the application occasionally, but for those occasions it is really practical.
I tried an awful lot of ways to restrict the application to the local subnet only. I tried .htaccess files, which just got ignored. I tried things like “Deny All” in my <Directory> statement, but nothing seemed to work. I finally stumbled upon this post on the Fedora forums, which holds the truth for my environment.
Edit the file /etc/phpmyadmin/apache.conf and add the following lines:
# Apache 2.4
Require ip 127.0.0.1
Require ip 192.168.1.0/24
If you are on another private subnet, just update the 192.168.1.0 bit to match your specific subnet. In the unlikely event that you don’t have mod_authz_core enabled, you can enable it on the console with:
# a2enmod authz_core
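The lines above shown in context, as an added example that is not taken from the original post or from the Debian package. The `<Directory>` path is an assumption; use the one your /etc/phpmyadmin/apache.conf already contains.

```apache
# Added example. Assumption: phpMyAdmin is served from /usr/share/phpmyadmin.
<Directory /usr/share/phpmyadmin>
    # ... keep the existing Options / DirectoryIndex / PHP settings here ...

    # Apache 2.4
    # Several Require lines in one section are combined as "any of these":
    # a client matching either range is allowed, everyone else gets 403.
    Require ip 127.0.0.1
    Require ip 192.168.1.0/24

    # Because of that "any" logic, a leftover "Require all granted" in this
    # same section would still admit every client. Remove it if present.

    # The Require lines are deliberately not wrapped in
    # <IfModule mod_authz_core.c>: if the module were missing, Apache would
    # refuse to start instead of silently serving the directory unrestricted.
</Directory>
```

Check the syntax with `apache2ctl configtest` and reload Apache, then request the phpMyAdmin URL from a host outside the subnet; it should now receive 403 Forbidden.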