How to disable http access to a specific website address?

Question

How to disable http access to a specific website address?

50 views

Your server, FreeBSD, Apache, php.

The site offers both over http and https. Bolted phpMyAdmin, here is the excerpt from httpd.conf

Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"

<Directory "/usr/local/www/sites/phpMyAdmin/">
Options none
AllowOverride Limit

Order Deny,Allow
Deny from all
Allow from all

Noticed that someone goes through all popular addresses, hoping to stumble on phpMyAdmin

error.log:

[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpmyadmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpMyAdmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/db
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/web
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/PMA
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/admin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/mysql

And as a result he still stumbles to the correct address. As the most simple (I'm a novice in these matters) to protect themselves from such a bust, or at least make them unsuccessful?

There is an idea to close the http access address mysite.ru/myadminthat would have opened only https (no redirects), but how to do it too, don't know yet.

What to do advise?

Thank you in advance.

asked Mar 20, 2019 by seventh | 50 views

7 Answers

netme · Answer 1 · 2019-03-23T02:59:05+0000

If you need to make myadmin only on https, I would prefer to split http and https on different virtual hosts.
Will look something like this:
\r
\r
...
\r
\r
\r
Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"
SSLEngine on
SSLCertificateFile /path/to/certificate
\r
\r
...
\r
\r
\r
The configuration file is in /usr/local/etc/apache22/extra and called something like httpd-vhosts.conf, but first it needs to be raskomentiruyte in the main config file of apache.

lehha · Answer 2 · 2019-03-23T02:59:05+0000

Strumming will always remain as passwords for SSH.
\r
As the most simple variant — to change the name of the folder where phpmyadmin is located, or put everything important in a subfolder, for example:
\rsite/xxsecret/phpmyadmin/
\r
As the second option .htaccess specifying their IP:
Order Allow,Deny
Deny From All
Allow From 127.0.0.1 127.0.0.2

lehha · Answer 3 · 2019-03-23T02:59:05+0000

Bust most often are bots with rather limited database of usernames-passwords. You can often do a good bunch of login and password.
About transfer phpmyadmin, it is easier to make a second host (config Apache) for https connections. And correspondingly for http: deby from all folder with phpmyadmin, for the second config: allow from all

digreen · Answer 4 · 2019-03-23T02:59:05+0000

You make the folder phpmyadmin and hang on to it with htaccess dlinnym password.
and phpMyAdmin put somewhere out of the way
And then read the logs and enjoy life.

How to disable http access to a specific website address?

Please log in or register to add a comment.

Please log in or register to answer this question.

7 Answers

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Related questions

Most popular tags