restrict directory in apache virtual host

Hi everyone,
i have a problem when i try to restrict the access to
phpMyAdmin directory in my virtual host

  • i create a virtual host in /srv/www/htdocs/myweb.com
    and in /etc/apache2/vhosts.d/myweb.conf i configure it below:
    <Directory “/srv/www/htdocs/myweb.com/phpMyAdmin/”>
    order deny,allow
    deny from all
    allow from 127
    </Directory>

but i still can access to it on the internet using
www.myweb.com/phpMyAdmin

any idea, Please advice!:sarcastic:

Post your myweb.conf file. Is that directory element enclosed within the virtualhost element?

The below lines worked for me

<Directory “/var/lib/mediawik/” >
Order Deny,Allow
Deny from all
Allow from x.x.x.x/16
</Directory>

<VirtualHost 11x.10x.18x.xx:80>
ServerAdmin webmaster@myweb.com
ServerName myweb.com

DocumentRoot /srv/www/htdocs/myweb.com

# if not specified, the global error log is used
ErrorLog /var/log/apache2/dcna.log
CustomLog /var/log/apache2/dcna.log combined

# don't loose time with IP address lookups
HostnameLookups Off

# needed for named virtual hosts
UseCanonicalName Off

# configures the footer on server-generated documents

ServerSignature On

ScriptAlias /cgi-bin/ "/srv/www/vhosts/myweb.com/cgi-bin/"


&lt;Directory "/srv/www/htdocs/myweb.com/cgi-bin"&gt;
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
&lt;/Directory&gt;



&lt;IfModule mod_userdir.c&gt;

UserDir disabled

&lt;/IfModule&gt;


#
# This should be changed to whatever you set DocumentRoot to.
#
&lt;Directory "/srv/www/vhosts/myweb.com"&gt;


Options Indexes FollowSymLinks


AllowOverride None


Order allow,deny
Allow from all

&lt;/Directory&gt;

<Directory “/srv/www/htdocs/myweb.com/phpMyAdmin/”>
order deny,allow
deny from all
allow from 127
</Directory>

</VirtualHost>

Remember that the restriction only works if you are going through this virtualhost. If you are going through another virtualhost, or if virtualhost is not really working, it’s still accessible as

http://another.host/myweb.com/phpMyAdmin/

Which is why it’s a good idea to close it off in the base configuration, and then selectively allow in the virtualhost, since the virtualhosts will inherit the base permissions. Or move the directory outside of the htdocs area.

Could you tell me how to close it off in the base configuration. because i don’t want to move it out from htdocs directory.:expressionless:

Just put a <Directory> restriction outside of any <VirtualHost> element.

Even i put it outside <VirtualHost> it still doesn’t work. i still can access to it…:frowning: