有没有办法阻止phpMyAdmin在我的服务器上访问,同时仍然保持安装,以防万一以后需要?
您可以创build一个名为.htaccess的文件,并将其放置在phpMyAdmin安装目录中,其内容如下:
deny from all
如果你有一个VirtualHostconfiguration,你需要像这样启用它;
<VirtualHost *:80> DocumentRoot /var/www/html ServerName www.mydomain.com .... <Directory /var/www/html> AllowOverride All </Directory> ... </VirtualHost>
如果你使用默认的apache httpd.conf,也就是你的文件在/var/www/html那么你需要像这样更改/etc/httpd/conf/httpd.conf文件,并且service httpd restart改变;
<Directory "/var/www/html"> ... # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None
对此;
<Directory "/var/www/html"> ... # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride All <------change this
作为进一步的安全build议。 我通常会build议在生产和开发过程中限制对phpMyAdmin安装文件夹的访问,只是因为phpMyAdmin很容易打开,而且受到漫游者自动开发的机器人的欢迎。你可以允许自己的IP(如果你有一个已知的静态IP就像这样;)
Order Deny,Allow Deny from all Allow from 123.123.123.123