By default, your web server allows anyone to connect to it via the browser. This is a good thing, as you want your website to be accessible. However, there may be pages that you wish to restrict so that only you can use them. An example of this would be phpMyAdmin.
The website https://mysuperweb.co.uk is accessible by anyone on the internet; however, my database is also accessible by anyone at https://mysuperweb.co.uk/phpmyadmin. The database contains very important files regarding the website, and it’s vital that no one other than authorized personnel is able to view it.
Whilst there is an active SSL certificate to encrypt the connection, it doesn’t stop people from brute-forcing their way into my database, meaning they can keep guessing the password non-stop. This causes issues for legitimate users of the website, as the guessing consumes resources, and the attacker may eventually get the password correct.
We will require a password to view https://mysuperweb.co.uk/phpmyadmin first; afterwards, visitors will be asked for another password by phpMyAdmin itself to view the database.
We would need to edit the following file to allow the .htaccess file to work within the phpmyadmin directory:
sudo nano /etc/phpmyadmin/apache.conf
Inside this file you will have the following contents:
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
We will add the line “AllowOverride All”. This will give us:
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
The next step is to define the rules for the .htaccess file. The .htaccess rules will be located at:
sudo nano /usr/share/phpmyadmin/.htaccess
Within this file we will submit the following information:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/apache2/.phpmyadmin.htpasswd
Require valid-user
You can set “AuthName” to any value you wish; this is the text shown in the login prompt. It should be something informative that the user will understand.
The authorized users will be defined in “/etc/apache2/.phpmyadmin.htpasswd”. To create the users we will use the following command:
sudo htpasswd -c /etc/apache2/.phpmyadmin.htpasswd username
You will be prompted to create a password for the user “username”. The last step is to restart the service so the changes can take effect:
sudo service apache2 restart
When we visit https://mysuperweb.co.uk/phpmyadmin, we are first asked for the username “username” and the password we just set. After that, we are presented with the default phpMyAdmin login page.
You can review the list of authorized users at:
more /etc/apache2/.phpmyadmin.htpasswd
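Going a step beyond viewing the file, the following added example (not code from the original article) audits the password file created above: it flags entries stored with the schemes Apache's documentation marks as insecure (unsalted SHA-1, crypt, plaintext) and a file mode that lets any local account read the hashes. The function names and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit an htpasswd file.
# Prints one line per entry or finding; returns 0 if clean, 1 if anything
# was flagged, 2 if the file cannot be read.

audit_htpasswd() {
    file=$1
    flagged=0
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # If "other" can read the file, any local account can copy the hashes
    # and guess passwords offline.
    if [ -n "$(find "$file" -perm -004)" ]; then
        echo "PERM $file is world-readable"
        flagged=1
    fi

    # Entry format is user:hash; the hash prefix identifies the scheme.
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac
        case $hash in
            '$2y$'*)   echo "OK $user bcrypt" ;;
            '$apr1$'*) echo "OK $user apr1-md5" ;;
            '{SHA}'*)  echo "WEAK $user unsalted-sha1"; flagged=1 ;;
            *)         echo "WEAK $user crypt-or-plaintext"; flagged=1 ;;
        esac
    done < "$file"
    return "$flagged"
}

# Constructed sample entries (placeholder strings, not real hashes).
sample_htpasswd() {
    cat <<'EOF'
alice:$2y$05$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
bob:$apr1$CONSTRUC$PLACEHOLDER.NOT.A.REAL.HASH
carol:{SHA}CONSTRUCTEDPLACEHOLDER=
dave:CONSTRUCTED1
EOF
}

# Usage (as root): sh audit.sh /etc/apache2/.phpmyadmin.htpasswd
if [ "$#" -gt 0 ]; then audit_htpasswd "$1"; fi
```

To move a flagged entry to bcrypt, re-create it with htpasswd -B. Note that -c overwrites an existing file, so omit it when adding or updating users.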
Try it for yourself at:
https://mysuperweb.co.uk/phpmyadmin