仅允许在指定的虚拟主机上访问PhpMyadmin

时间:2013-03-11 20:09:49

标签: php apache phpmyadmin virtual-hosts

我正在开发一个多虚拟主机环境。我已经为Mysql Remote Control安装了PhpMyadmin。

环境配置如下:

one.domain.com
two.domain.com
onlyphpmyadmin.domain.com

现在,如果我可以访问三个域之一

http://one.domain.com/phpmyadmin/
http://two.domein.com/phpmyadmin/
http://onlyphpmyadmin.domain.com/phpmyadmin/

结果相同,允许访问Phpmyadmin。

目标是获得下面这样的情况

http://one.domain.com/phpmyadmin/ --> access denied
http://two.domein.com/phpmyadmin/ --> access denied 
http://onlyphpmyadmin.domain.com/phpmyadmin/ -->access allowed

没有与

相似的黑客行为 
<?php 
if($_SERVER['HTTP_HOST'] != 'onlyphpmyadmin.domain.com')
die('access denied');

 ...
 ?>

在一些Phpmyadmin文件上。 

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>

1 个答案:

答案 0 :(得分:1)

如果所有三个虚拟主机都指向同一个文档根目录,则只在虚拟主机配置中的phpmyadmin上添加一个别名,以便它能够工作。

Alias /phpmyadmin /var/www/apps/some/place/where/virtualhosts/cant/access/phpmyadmin
相关问题
最新问题