I’m hosting a website trough CloudFlare, everything is working fine but I have some issues with the security settings for phpmyadmin. The best and recommended settings for phpmyadmin is to only allow the IP address from your client your working from. For example:
<IfModule mod_authz_core.c> # Apache 2.4 <RequireAny> Require ip 127.0.0.1 Require ip ::1 Require ip [my public ip] </RequireAny>
With these settings, only the listed ip’s have access to /phpmyadmin/ Everyone else will get a 403 forbidden error.
But when using CloudFlare, this does not work. Traffic between CloudFlare and the webserver is using a source ip from CloudFlare. Meaning that I can’t access /phpmyadmin/ from my client with above settings. It will give me a 403 forbidden error.
Now I could solve this in two ways:
- Adding “Require all granted” to the phpmyadmin config
- Adding CloudFlare ip ranges to the phpmyadmin config
But both are very bad security settings because it bassically means that everybody can access /phpmyadmin/
How can I configure CloudFlare (or phpmyadmin) to only allow access from my client ip and still using CloudFlare for security?
To clarify, /phpmyadmin/ works fine when I disable CloudFlare. But when I enable CloudFlare, the source ip of the traffic changes and thus the client ip settings in PHPmyadmin do not work and give me a 403 forbidden response.
I could not find any topic related to this on the internet. But I assume there are more users having this problem. Although many users use “require all granted” in their phpmyadmin config. But this is very bad practise.