How to disable http access to a specific website address?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
10 views
Your server, FreeBSD, Apache, php.

The site offers both over http and https. Bolted phpMyAdmin, here is the excerpt from httpd.conf

Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"

<Directory "/usr/local/www/sites/phpMyAdmin/">
Options none
AllowOverride Limit

Order Deny,Allow
Deny from all
Allow from all



Noticed that someone goes through all popular addresses, hoping to stumble on phpMyAdmin
error.log:

[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpmyadmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpMyAdmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/db
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/web
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/PMA
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/admin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/mysql



And as a result he still stumbles to the correct address. As the most simple (I'm a novice in these matters) to protect themselves from such a bust, or at least make them unsuccessful?

There is an idea to close the http access address mysite.ru/myadminthat would have opened only https (no redirects), but how to do it too, don't know yet.

What to do advise?

Thank you in advance.
by | 10 views

7 Answers

0 like 0 dislike
here here more if anything
by
0 like 0 dislike
If you need to make myadmin only on https, I would prefer to split http and https on different virtual hosts.
Will look something like this:
\r
\r
...
\r
\r
\r
Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"
SSLEngine on
SSLCertificateFile /path/to/certificate
\r
\r
...
\r
\r
\r
The configuration file is in /usr/local/etc/apache22/extra and called something like httpd-vhosts.conf, but first it needs to be raskomentiruyte in the main config file of apache.
by
0 like 0 dislike
Strumming will always remain as passwords for SSH.
\r
As the most simple variant — to change the name of the folder where phpmyadmin is located, or put everything important in a subfolder, for example:
\rsite/xxsecret/phpmyadmin/
\r
As the second option .htaccess specifying their IP:
Order Allow,Deny
Deny From All
Allow From 127.0.0.1 127.0.0.2
by
0 like 0 dislike
in the deny from this address and enter. not?
by
0 like 0 dislike
fail2ban
by
0 like 0 dislike
Bust most often are bots with rather limited database of usernames-passwords. You can often do a good bunch of login and password.
About transfer phpmyadmin, it is easier to make a second host (config Apache) for https connections. And correspondingly for http: deby from all folder with phpmyadmin, for the second config: allow from all
by
0 like 0 dislike
You make the folder phpmyadmin and hang on to it with htaccess dlinnym password.
and phpMyAdmin put somewhere out of the way
And then read the logs and enjoy life.
by

Related questions

110,608 questions
257,186 answers
0 comments
27,094 users