Bonjour à tous, je souhaiterais augmenter la protection de phpMyadmin en ajoutant une identification avec httpd
J’ai modifier mon fichier /etc/httpd/conf.d/phpMyAdmin.conf de la façon suivante :
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require local
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Require local
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/templates/>
Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Require all denied
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <Directory /usr/share/phpMyAdmin/>
# SecRuleInheritance Off
# </Directory>
#</IfModule>
Puis j’ai modifié le fichier /usr/share/phpMyAdmin/.htaccess en ajoutant :
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
j’ai bien entendu créer un utilisateur dans mon htpassword et lorsque je me rends sur la page de phpMyadmin j’ai une erreur 500.
Pouvez vous m’aider à sécuriser phpMyadmin ?
