While phpMyAdmin is a terrific application to manage MySQL databases on your Linux server, the default installation on Ubuntu (and presumably other *nix OSes running Apache2) leaves access wide open to the Internet.

Personally, even if I use strong passwords, I still like to keep the number of services and web applications open to the Internet to a minimum. As a result, I chose to limit access based upon IP address range to my local network. This procedure is very simple to do, and will cause any remote attempts to access phpMyAdmin to be presented with a 403 Forbidden error, yet all local attempts will be let through without question.

Here’s the procedure:

  • Ensure Apache and phpMyAdmin are both installed and working properly. You should be able to browse to http://<IP of Server>/phpmyadmin and log in.
  • Log in to the server via SSH (or directly on the server itself).
  • Type:

sudo nano /etc/apache2/conf.d/phpmyadmin.conf

  • Add the following directives directly after the “<Directory /usr/share/phpmyadmin>” line (be sure to change 192.168.1.0/24 to the correct range for your network):

order deny,allow
deny from all
allow from 192.168.1.0/24

  • Your screen should look similar to the following (I have a different IP Range for my network than shown above):

[Screenshot: phpmyadmin.conf]

  • Press Ctrl-X to exit, and then press Y to save the modified buffer.
  • Restart Apache by typing the following command:

sudo /etc/init.d/apache2 restart

  • You should now only be able to access phpMyAdmin from a local address.
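
To see which clients these three directives let through, the following added example (not part of the original post) evaluates them against sample addresses using Apache's documented `Order` semantics. The function names, sample config and client addresses are constructed for illustration, and only `all`, single IPs and CIDR ranges are handled.

```python
import ipaddress

# Constructed sample: the block the post edits, with the three added lines.
SAMPLE_CONF = """
<Directory /usr/share/phpmyadmin>
    order deny,allow
    deny from all
    allow from 192.168.1.0/24
</Directory>
"""

def parse_rules(conf_text):
    """Collect Order / Deny from / Allow from directives from a config snippet."""
    order, deny, allow = "deny,allow", [], []   # deny,allow is Apache's default Order
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "order":
            if len(parts) != 2:   # "deny, allow" with a space is two arguments
                raise ValueError("Order takes one argument: write 'deny,allow'")
            order = parts[1].lower()
        elif key in ("deny", "allow") and len(parts) > 2 and parts[1].lower() == "from":
            (deny if key == "deny" else allow).extend(parts[2:])
    return order, deny, allow

def matches(client, specs):
    """True if client matches 'all', an IP or a CIDR range (hostnames unsupported)."""
    ip = ipaddress.ip_address(client)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(client, conf_text=SAMPLE_CONF):
    order, deny, allow = parse_rules(conf_text)
    denied, allowed = matches(client, deny), matches(client, allow)
    if order == "deny,allow":    # Allow overrides Deny; no match means allowed
        return allowed or not denied
    if order == "allow,deny":    # Deny overrides Allow; no match means denied
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

if __name__ == "__main__":
    # Constructed client addresses: one on the LAN, two outside it.
    for client in ("192.168.1.42", "192.168.2.10", "203.0.113.7"):
        print(client, "allowed" if is_allowed(client) else "403 Forbidden")
```

A neighbouring private subnet such as 192.168.2.0/24 is rejected just like a public address, which is why the range must match your own network exactly.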

 
