Linode Forum
Linode Community Forums
Posted: Fri Sep 14, 2012 4:25 pm
Newbie

Joined: Wed Sep 05, 2012 3:02 pm
Posts: 2
I'm really puzzled. I'm trying to do what I've seen recommended in lots of places - to secure phpMyAdmin by restricting its directory to localhost connections and then using an SSH tunnel to access the directory. I believe I had everything set up correctly (normal web access to the directory - example.org/phpmyadmin - was now Forbidden) but I get the same Forbidden response when I try to connect via the SSH tunnel. The tunnel runs from port 8080 on my local machine to port 80 on my virtual server.

I do know (I think) that the tunnel is working correctly, because when I point my local browser at localhost:8080 the main web site on example.org comes up correctly. It's when I then try to go to localhost:8080/phpmyadmin that I get the Forbidden response.

Before I started all this, I was able to access phpMyAdmin correctly at example.com/phpmyadmin.

CentOS 6, Apache 2, server administered with Virtualmin.

What I did:
Inserted the following in the directives for my example.org virtual host
Code:
<Directory /home/(useraccount)/public_html/phpmyadmin>
    Order Deny,Allow
    Deny from All
    Allow from localhost
    Allow from 127.0.0.1
</Directory>


Tunnel command, issued on my local machine:
Code:
ssh -L 8080:example.org:80 useraccount@my_linode_address

iptables is set to accept incoming traffic on lo and 127.0.0.1

I was using this as a less critical test before trying to do the same thing with Virtualmin itself, but I won't even touch that until I get this one figured out. (I've also been able to unwind my changes and restore normal access to phpMyAdmin via the web.)

Anyone have any ideas?

Thanks!


Last edited by sjnorton on Fri Sep 21, 2012 1:17 pm, edited 1 time in total.

Posted: Fri Sep 14, 2012 8:07 pm
Senior Member

Joined: Sun May 23, 2010 1:57 pm
Posts: 315
Website: http://www.jebblue.net
Try ssh -L 127.0.0.1:8080:127.0.0.1:80 useraccount@my_linode_address
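
Why the two tunnel commands in this thread get different answers from the same `<Directory>` rule, as an added example that is not part of any poster's message. The function names and the public address 203.0.113.10 are constructed for illustration, and the sketch assumes example.org resolves on the server to the server's own public address.

```python
import ipaddress

SERVER_PUBLIC_IP = "203.0.113.10"  # constructed placeholder (TEST-NET-3)
ALLOW_FROM = {"127.0.0.1"}         # the thread's Allow lines; "localhost" folded into 127.0.0.1

def parse_forward(spec):
    """Split an ssh -L argument, [bind_address:]port:host:hostport (no bracketed IPv6)."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts = [None] + parts     # no bind address given
    if len(parts) != 4:
        raise ValueError(f"not a valid -L spec: {spec!r}")
    bind, lport, host, hport = parts
    return bind, int(lport), host, int(hport)

def client_address_seen(spec, public_ip=SERVER_PUBLIC_IP):
    """Source address Apache sees for a request arriving through the tunnel.

    sshd opens the forwarded connection on the server itself. For a loopback
    destination the source is loopback too. Any other name is assumed to
    resolve to the server's own public address, and on Linux a connection to
    one of the host's own addresses uses that address as its source.
    """
    host = parse_forward(spec)[2]
    if host == "localhost":
        return "127.0.0.1"
    try:
        if ipaddress.ip_address(host).is_loopback:
            return host
    except ValueError:
        pass                       # a hostname, not an IP literal
    return public_ip

def http_status(spec):
    """Order Deny,Allow with Deny from All: 403 unless an Allow line matches."""
    return 200 if client_address_seen(spec) in ALLOW_FROM else 403

if __name__ == "__main__":
    for spec in ("8080:example.org:80", "127.0.0.1:8080:127.0.0.1:80"):
        print(f"{spec:30} client={client_address_seen(spec):15} -> {http_status(spec)}")
```

The destination in `-L` is resolved and connected to from the server side of the tunnel, so it decides which client address the access rule is checked against.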


Posted: Fri Sep 21, 2012 1:07 pm
Newbie

Joined: Wed Sep 05, 2012 3:02 pm
Posts: 2
jebblue wrote:
Try ssh -L 127.0.0.1:8080:127.0.0.1:80 useraccount@my_linode_address


Wow, it worked! I think I see the problem, but none of the online references took this approach.

Thanks! :D


Posted: Fri Sep 21, 2012 7:37 pm
Senior Member

Joined: Sun May 23, 2010 1:57 pm
Posts: 315
Website: http://www.jebblue.net
Welcome, glad it worked for you sj. :-)

