howto - disable default remote access to sql, enable webserver access automatically

Discussion in 'Tips/Tricks/Mods' started by radim_h, Aug 28, 2012.

  1. radim_h

    radim_h Member

    Maybe someone can use this
    .
    I have multiserver setup, where Database server is different then webserver
    server1: ISPConfig webinterface, DNS, oldwebserver
    server2: mailserver, dbserver

    When you add Database in Sites=> Database menu, there is Remote Access IPs field (separate by , and leave blank for any)

    I don't like that access to mysql server is enabled by default from anywhere. Want to explicitly allow all accessing IPs . And i also need webserver to have allowed access to DB by default (my clients will never know what to fill into that field)

    It's easy:
    On Database server edit file
    /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php

    and change
    //if(trim($host_list) == "") $host_list = '%';
    to
    if(trim($host_list) == "") $host_list = '1.2.3.4';

    and also change
    //if(!is_array($host_list)) $host_list = explode(',', $host_list);
    to
    if(!is_array($host_list)) {$host_list = split(',', $host_list); $host_list[] = '1.2.3.4';}

    where 1.2.3.4 is adress of your webserver (or any server you want to allow acces to by default)

    You can check result in Privileges table in phpMyAdmin
     
    Last edited: Aug 28, 2012
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    In current svn version (3.0.5) the web-server that the database is assigned to is automatically added to the remote ips.
    Please do NOT use php function split as it is highly deprecated! Use explode instead.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no default access from everywhere. This field is used in combination with the remote access checkbox only, so the ddefault is that databases can be accessed from localhost only and not from everywhere.
     
  4. radim_h

    radim_h Member

    sorry, didn't see that checkbox, i'm using modified template...
    .. happy is integrated in 3.0.5, i will not need change code after update
     

Share This Page