Improving the security of PHPMyAdmin and rspamd (UI)

Discussion in 'Tips/Tricks/Mods' started by Th0m, Mar 6, 2021.

  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Disallow access for certain database users in PHPMyAdmin
    Add this to the end of the PHPMyAdmin config (/usr/share/phpmyadmin/config.inc.php):
    Code:
    // Disallow login from root and ispconfig users
    $cfg['Servers'][$i]['AllowRoot'] = FALSE;
    $cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
    $cfg['Servers'][$i]['AllowDeny']['rules'] = array(
        'deny ispconfig from all',
        'deny debian-sys-maint from all',
    );
    (Thanks @Jesse Norell for this snippet)

    Only allow certain IP addresses to access PHPMyAdmin:
    This guide explains how to do this with Apache2.
    Code:
    sudo nano /etc/apache2/conf-available/phpmyadmin.conf
    Add this under <Directory /usr/share/phpmyadmin>:
    Code:
    AllowOverride AuthConfig
    Now restart Apache2:
    Code:
    sudo systemctl restart apache2
    Open a .htaccess file in the PHPMyAdmin web folder:
    Code:
    sudo nano /usr/share/phpmyadmin/.htaccess
    Add this:
    Code:
    # Allow access from trusted IP addresses:
    <RequireAny>
     Require all denied
     Require ip 93.184.216.34
     Require ip 10.0.64.0/24
    </RequireAny>
    Change the IP address/range to the IP addresses you want to allow.

    Two-factor authentication for PHPMyAdmin
    You can set up two-factor authentication by logging in to PHPMyAdmin and going to settings -> Two-factor authentication.

    Only allow certain IP addresses to access rspamd:
    This guide explains how to do this with Apache2.
    Go to the site you created for your host (for example, mx1.example.com) in the ISPConfig panel. If you followed one of the guides to set up rspamd on the forum, the following snippet has to be used:
    Code:
    <Location /rspamd>
    <RequireAny>
     Require all denied
     Require ip 93.184.216.34
     Require ip 10.0.64.0/24
    </RequireAny>
    </Location>
    Change the IP address/range to the IP addresses you want to allow.

    Make sure to disable the Apps vhost so others can't access it through server1.example.com:8081/rspamd. In the panel, go to System -> Server Config -> server1.example.com -> Web -> Apps Vhost Settings -> Uncheck the "Apps-vhost enabled" checkbox. (Thanks @30uke for mentioning this!)
     
    Last edited: Dec 25, 2021
    djbill, ganewbie, 30uke and 6 others like this.
  2. Wade John Beckett

    Wade John Beckett Member HowtoForge Supporter

    Would there be an option for NGINX?
     
    ahrasis likes this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

I don't use nginx, so I currently don't have an example for this.
     
    Wade John Beckett likes this.
  4. concept21

    concept21 Active Member

    Nice.

It seems that the Russian bloc is the biggest investor in Nginx. :cool:

I like Apache2 myself. It has many more options, is easier to configure, and now has the newest event MPM - very fast! :D
     
    Wade John Beckett likes this.
  5. 30uke

    30uke Active Member HowtoForge Supporter

    Please note: I did follow the guide "https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/" and I did notice rspamd is set at [System] > [Server Config] > [...] > [Mail]
    Take note of "Rspamd URL" and "Rspamd Password"
    rspamd is defined in /etc/apache2/sites-available/apps.vhost and starts with <Location /rspamd>
    I did change the portion
    Code:
      <Location /rspamd>
            Order allow,deny
            Allow from all
      </Location>
    
    into
    Code:
      <Location /rspamd>
      <RequireAny>
        Require all denied
        Require ip 86.nn.nnn.86
        Require ip 2001:nnn:nnnn:73::/64
      </RequireAny>
      </Location>
    Note: IP addresses have been redacted by masking with "n"...
     
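An added check for the `Require ip` allow-lists in the first post and in the apps.vhost change above (example code written for this thread, not part of ISPConfig or of any post): it parses a <RequireAny> block the way Apache evaluates it and reports which client addresses would get through, so an allow-list can be verified before Apache is restarted. The IPv6 range in the sample block is a documentation prefix substituted for the redacted one.

```python
import ipaddress
import re

# Constructed sample: the <RequireAny> block from the first post plus an
# IPv6 /64 like the one in the apps.vhost change (2001:db8::/32 is the
# documentation range, standing in for the masked address).
REQUIRE_ANY_BLOCK = """
<RequireAny>
 Require all denied
 Require ip 93.184.216.34
 Require ip 10.0.64.0/24
 Require ip 2001:db8:1234:73::/64
</RequireAny>
"""

def parse_require_any(block):
    """Return the networks that a <RequireAny> block admits.

    Only the two providers used in the thread are handled. 'Require all
    denied' never matches, so inside <RequireAny> it adds nothing; 'Require
    ip' takes hosts, CIDR ranges, or Apache's partial dotted prefixes
    (e.g. '10.0' means 10.0.0.0/16). Anything else raises, so a typo or a
    stray 'Require all granted' is caught before the config goes live.
    """
    nets = []
    for line in block.splitlines():
        m = re.match(r"\s*Require\s+(\S+)\s+(.*\S)\s*$", line)
        if not m:
            continue
        provider, args = m.group(1), m.group(2)
        if provider == "all":
            if args != "denied":
                raise ValueError("'Require all granted' in <RequireAny> admits everyone")
            continue
        if provider != "ip":
            raise ValueError("unsupported provider: " + provider)
        for tok in args.split():
            if ":" not in tok and "/" not in tok and tok.count(".") < 3:
                # Expand a partial IPv4 prefix to its implied CIDR block.
                octets = tok.split(".")
                tok = ".".join(octets + ["0"] * (4 - len(octets)))
                tok += "/" + str(8 * len(octets))
            nets.append(ipaddress.ip_network(tok, strict=False))
    return nets

def client_allowed(nets, client):
    """RequireAny semantics: allowed if any 'Require ip' entry contains the client."""
    addr = ipaddress.ip_address(client)
    return any(addr in n for n in nets)
```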
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Good point, I have the Apps vhost disabled so this is no problem for me but as it is enabled by default, I will add this to the thread tomorrow.
     
    30uke likes this.
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I have updated the post, thanks @30uke!
     
    30uke likes this.
  8. Steini86

    Steini86 Active Member

    IMHO, this snippet should also be used for the phpmyadmin case. As the Apache config has to be altered anyway, there is no need to additionally create a .htaccess file. Just place it directly in the config.
     
  9. 30uke

    30uke Active Member HowtoForge Supporter

In this case: yes. I don't see another way. But I guess best is to avoid this as it might not survive an update of ISPConfig - but I am not sure if that's true. @Th0m? What would be best practice?
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    iirc this did not work so I used the .htaccess. Not sure. Should test it after the holidays.
     
  11. Steini86

    Steini86 Active Member

This file is not managed by ISPConfig, so it will survive updates. However, it is installed via the apt package manager and will not survive a phpMyAdmin update if(!) the user chooses to overwrite config files. But that will also affect the current version (and in both cases you will probably not notice this).
     
    Th0m likes this.
  12. 30uke

    30uke Active Member HowtoForge Supporter

    Good point. Very good point. Thanks.
     
    Steini86 likes this.
  13. fredwave

    fredwave New Member

Can we have a video of this particular event? How you did yours.
     
  14. Alex Mamatuik

    Alex Mamatuik Member

Guys, can the same thing be applied to the mail system to allow access from specific IP addresses only?
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

Surely, but that works in a completely different way. Just restrict access to certain IP addresses in the firewall on the IMAP and POP3 ports (but not port 25 if you want to be able to receive from other servers).
     
  16. Alex Mamatuik

    Alex Mamatuik Member

    Could you demonstrate some working template?
A plain syntax portion without an explanation is more than enough.
     
  17. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    That really depends on your system and network setup.
     
  18. Alex Mamatuik

    Alex Mamatuik Member