Block phpMyAdmin access when not logged on ISPConfig

Discussion in 'Installation/Configuration' started by manoaratefy, Nov 10, 2021.

  1. manoaratefy

    manoaratefy New Member

    Good morning,
    Is there a way to block phpMyAdmin access when not logged on ISPConfig? I managed to block access when the ISPConfig cookie is absent, using .htaccess, but I didn't find any way to check if the cookie is valid or not, and if the cookie is related to an active connection.

    My current .htaccess:
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_COOKIE} !ISPCSESS\= [NC]
    RewriteRule .* - [R=401,L]
    Can you help me?
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I did the same type of session check for monit, which you can refer to. It is tenuous at best, treating session_data as a string rather than serialized data, and it could break at any time. In fact, some upcoming/in progress changes could well affect it in the next ispconfig release.
    Code:
           AuthzDBDQuery "SELECT 'monit' FROM sys_session WHERE session_id = %s and session_data like '%%monitor/show_monit.php%%'"
    
    A better solution would probably figure out how to have apache call a php app which reads sys_session and properly deserializes it. Or rewrite the session handling to structure data in db fields rather than serializing a php array.
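
The "properly deserialize it" idea from the reply above, as an added example that is not part of the thread and not ISPConfig code: it decodes a session_data string in PHP's default `php` session format and checks one specific key, where a LIKE pattern matches the text anywhere. The key path `s.user.userid`, the `userid` marker and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example, not ISPConfig code. Assumes session.serialize_handler = "php",
// i.e. session_data is a run of  name|serialized-value  entries.

/** Decode session_data without instantiating objects; null if malformed. */
function decode_session_data(string $raw): ?array
{
    $out = [];
    $pos = 0;
    while ($pos < strlen($raw)) {
        $bar = strpos($raw, '|', $pos);
        if ($bar === false) {
            return null;                        // entry name with no value
        }
        $name  = substr($raw, $pos, $bar - $pos);
        $rest  = substr($raw, $bar + 1);
        // @ hides the "extra data" warning newer PHP raises for trailing entries.
        $value = @unserialize($rest, ['allowed_classes' => false]);
        // Re-serialize to learn the value's byte length; fail closed on mismatch.
        $bytes = serialize($value);
        if (strncmp($rest, $bytes, strlen($bytes)) !== 0) {
            return null;
        }
        $out[$name] = $value;
        $pos = $bar + 1 + strlen($bytes);
    }
    return $out;
}

/** Hypothetical key layout: $_SESSION['s']['user']['userid'] set after login. */
function session_is_logged_in(?array $session): bool
{
    $id = $session['s']['user']['userid'] ?? null;
    return is_numeric($id) && (int) $id > 0;
}

// Constructed sample rows, not real ISPConfig data.
$rows = [
    'logged in' => 's|' . serialize(['user' => ['userid' => 1]]),
    'anonymous' => 'login_error|' . serialize('unknown userid'),
    'truncated' => 's|a:1:{s:4:"user";',
];
foreach ($rows as $label => $raw) {
    $like  = strpos($raw, 'userid') !== false;   // what a LIKE '%userid%' sees
    $typed = session_is_logged_in(decode_session_data($raw));
    printf("%-9s LIKE=%s decoded=%s\n", $label, var_export($like, true), var_export($typed, true));
}
```

The substring test accepts all three rows, while the decoded check accepts only the first and rejects the malformed row instead of guessing.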
     
