99% ric 1% Znote. (Just shortening Rics tutorial and adding a .htaccess code in it.
Move folder
phpMyAdmin and all its content
UniServer\home\admin\www\phpMyAdmin
To folder admin
UniServer\home\
admin
Edit file
httpd.conf(Note your paths might be different)
UniServer\usr\local\apache2\conf\httpd.conf
Just above this section
Code:
Alias /apanel "C:/UniServer/home/admin/www/"
<Directory "C:/UniServer/home/admin/www/">
Options Indexes Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Add this section
Code:
Alias /apanel/phpmyadmin "C:/UniServer/home/admin/phpMyAdmin /"
<Directory "C:/UniServer/home/admin/phpMyAdmin /">
Options Indexes Includes
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Copy .htaccess from C:/UniServer/home/admin/www/
paste it into
C:/UniServer/home/admin/phpmyadmin/
edit the .htaccess file in C:/UniServer/home/admin/phpmyadmin
Delete everything thats already there and write paste this in instead:
Code:
RewriteEngine on
AddHandler cgi-script .pl .cgi
Options +ExecCGI +FollowSymLinks
# Allow only GET and POST verbs
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Typical Vulnerability Scanners and others
# Kick out Script Kiddies
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
# Ban Search Engines, Crawlers to your administrative panel
# No reasons to access from bots
# Ultimately Better than the useless robots.txt
# Did google respect robots.txt?
# Try google: intitle:phpMyAdmin intext:"Welcome to phpMyAdmin *.*.*" intext:"Log in" -wiki -forum -forums -questions intext:"Cookies must be enabled"
RewriteCond %{HTTP_USER_AGENT} ^.*(AdsBot-Google|ia_archiver|Scooter|Ask.Jeeves|Baiduspider|Exabot|FAST.Enterprise.Crawler|FAST-WebCrawler|www\.neomo\.de|Gigabot|Mediapartners-Google|Google.Desktop|Feedfetcher-Google|Googlebot|heise-IT-Markt-Crawler|heritrix|ibm.com\cs/crawler|ICCrawler|ichiro|MJ12bot|MetagerBot|msnbot-NewsBlogs|msnbot|msnbot-media|NG-Search|lucene.apache.org|NutchCVS|OmniExplorer_Bot|online.link.validator|psbot0|Seekbot|Sensis.Web.Crawler|SEO.search.Crawler|Seoma.\[SEO.Crawler\]|SEOsearch|Snappy|www.urltrends.com|www.tkl.iis.u-tokyo.ac.jp/~crawler|SynooBot|[email protected]|TurnitinBot|voyager|W3.SiteSearch.Crawler|W3C-checklink|W3C_Validator|www.WISEnutbot.com|yacybot|Yahoo-MMCrawler|Yahoo\!.DE.Slurp|Yahoo\!.Slurp|YahooSeeker).* [NC]
RewriteRule .* - [F]
That gives some protection when phpMyAdmin is on line.
Remember to use auth type
cookie or httpd, if you use config you can easy get hacked!
After these changes, stop apache, wait 5 sec, start apache.
Now, just like normal, enter /apanel/phpmyadmin to access phpmyadmin. You will gain access to /apanel/phpmyadmin, but you will NOT gain access to just /apanel/