I recently changed using the Event MPM in my Apache 2.4 installation, alongside PHP-FPM and FastCGI proxy, I hope that wasn't the reason for my problem. I also started working with name-based VirtualHost directives although I don't have multiple websites, Linux (specifically CentOS 7) is just a VM running behind NAT.
Before these changes, except the VM was still running behind NAT, it was working fine (at least I believe so, which I will explain later), but the "Require IP" is bothering me now.
<VirtualHost *:80>
DocumentRoot /home/website/public_html
<Directory /home/website>
Allow from all
Options +Indexes
AllowOverride All
</Directory>
<Location />
# Allow Internal IPs
Require ip 10.0.0.0/8
Require ip 172.16.0.0/12
Require ip 192.168.0.0/16
Require ip 0.0.0.0/8
Require ip 127.0.0.0/8
# Allow Company IPs
Require forward-dns broadband1.company.com
Require forward-dns broadband2.company.com
# Allow all IPs (comment it if disallowed)
Require all granted
</Location>
</VirtualHost>
So when I put the web files under the public_html folder, it works great. Brilliant! But then, I installed phpMyAdmin and modified phpMyAdmin.conf under /etc/httpd/conf.d/, like below:
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
# Allow Internal IPs
Require ip 10.0.0.0/8
Require ip 172.16.0.0/12
Require ip 192.168.0.0/16
Require ip 0.0.0.0/8
Require ip 127.0.0.0/8
# Allow Company IPs
Require forward-dns broadband1.company.com
Require forward-dns broadband2.company.com
# Was here by default
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Unlike the above VirtualHost, this time, I didn't grant all IP addresses to have access to phpMyAdmin because it is extremely dangerous if they can break into the database with brute force.
Same applies to /server-status and /server-info, only specific IPs can have access to such pages and surely not Require all granted. But after we started using VirtualHost, they can access such pages so literally the "Require IP" section under phpMyAdmin.conf and the directives I created for /server-status and /server-info are not working properly.
Then I curiously tried and commented "Require all granted" from httpd.conf and see what happens and then phpMyAdmin is inaccessible as expected. So it looks like the "Require ip" is solely based on the VirtualHost. However, the other 3 pages are not mentioned under VirtualHost so I don't know what I have done wrong.
My question is: how to make that "Require ip" working again for phpMyAdmin and /server-status and /server-info? Thanks for your help in advance!
