The scanner shows the presence of critical vulnerabilities in phppgadmin. Can I somehow hide it or even disable it? Disabling it is most likely hardly an option, because one of the databases uses pgsql. Can you advise how to get out of this situation? Can I do some kind of complete disabling of remote access to the legal entity, disabling the message itself, or blocking the port?
1 answer
You can close access with a password at the web server level.

    AuthType Basic
    AuthName "Private"
    AuthUserFile /usr/share/phpPgAdmin/.htpasswd
    Require valid-user

in the /etc/httpd/conf.d/phppgadmin.conf file, somewhere between the lines

    <Directory /usr/share/phpPgAdmin/>
    </Directory>

and generate a file for the password with the command

    htpasswd -cb /usr/share/phpPgAdmin/.htpasswd <user> <password>

Restart the Apache web server

    systemctl restart httpd

P.S.: some details (such as the restart command or the location of configuration files) may differ between distribution versions.
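A check for the step above, as an added example that is not part of the original answer: it confirms that the auth directives ended up inside the `<Directory /usr/share/phpPgAdmin/>` block rather than elsewhere in the file, where they would not protect that directory. The function names and both sample configs are constructed for illustration, and the parser assumes the simple one-directive-per-line layout shown in the answer.

```shell
# check_dir_auth CONF DIR: exit 0 only if the <Directory DIR> block in CONF
# holds AuthType Basic, an AuthUserFile and Require valid-user.
check_dir_auth() {
    awk -v dir="${2%/}" '
        { sub(/^[ \t]+/, "") }                 # drop indentation
        /^#/ { next }                          # skip comments
        tolower($1) == "<directory" {          # block start: compare its path
            path = $2; gsub(/[">]/, "", path); sub(/\/$/, "", path)
            inblock = (path == dir); next
        }
        tolower($1) == "</directory>" { inblock = 0; next }
        !inblock { next }                      # ignore directives elsewhere
        tolower($1) == "authtype" && tolower($2) == "basic"      { t = 1 }
        tolower($1) == "authuserfile" && $2 != ""                { f = 1 }
        tolower($1) == "require" && tolower($2) == "valid-user"  { r = 1 }
        END { exit !(t && f && r) }
    ' "$1"
}

# Constructed sample configs: one correct, one with the directives
# pasted after the closing tag (so the directory is not protected).
write_samples() {
    cat > "$1/good.conf" <<'EOF'
<Directory /usr/share/phpPgAdmin/>
    AuthType Basic
    AuthName "Private"
    AuthUserFile /usr/share/phpPgAdmin/.htpasswd
    Require valid-user
</Directory>
EOF
    cat > "$1/bad.conf" <<'EOF'
<Directory /usr/share/phpPgAdmin/>
    Options FollowSymLinks
</Directory>
AuthType Basic
AuthUserFile /usr/share/phpPgAdmin/.htpasswd
Require valid-user
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for conf in "$tmp"/*.conf; do
    if check_dir_auth "$conf" /usr/share/phpPgAdmin/; then
        echo "$conf: protected"
    else
        echo "$conf: NOT protected"
    fi
done
rm -rf "$tmp"
```

On a real host, point `check_dir_auth` at /etc/httpd/conf.d/phppgadmin.conf after editing it and before restarting the web server.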
- @vadim-s-sabinich, and will Vesta itself, if necessary, have access to phpPgAdmin without a password? It turns out that I have the same picture with phpMyAdmin. I do not need external access to it (well, except by password, yes). But Vesta will definitely turn to this admin panel. And one more thing - I do not have Apache, but nginx ((( - Jurchello