Re: Apache Configuration

   1. Choose an appropriate distribution kit from the
phpmyadmin.netDownloads page. Some kits contain only the English
messages, others contain
   all languages in UTF-8 format (this should be fine in most situations),
   others contain all languages and all character sets. We'll assume you chose
   a kit whose name looks like phpMyAdmin-x.x.x-all-languages.tar.gz.
   2. Untar or unzip the distribution (be sure to unzip the subdirectories):
   tar -xzvf phpMyAdmin_x.x.x-all-languages.tar.gz in your webserver's
   document root. If you don't have direct access to your document root, put
   the files in a directory on your local machine, and, after step 4, transfer
   the directory on your web server using, for example, ftp.
   3. Ensure that all the scripts have the appropriate owner (if PHP is
   running in safe mode, having some scripts with an owner different from the
   owner of other scripts will be a problem). See FAQ
4.2<http://www.phpmyadmin.net/documentation/Documentation.html#faq4_2>and
   FAQ 1.26<http://www.phpmyadmin.net/documentation/Documentation.html#faq1_26>for
suggestions.
   4. *Now you must configure your installation. There are two methods that
   can be used. Traditionally, users have hand-edited a copy of
   config.inc.php, but now a wizard-style setup script is provided for those
   who prefer a graphical installation.* Creating a config.inc.php is still
   a quick way to get started and needed for some advanced features.
      - To manually create the file, simply use your text editor to create
      the file config.inc.php (you can copy config.sample.inc.php to get
      minimal configuration file) in the main (top-level) phpMyAdmin directory
      (the one that contains index.php). phpMyAdmin first loads
      libraries/config.default.php and then overrides those values with
      anything found in config.inc.php. If the default value is okay for a
      particular setting, there is no need to include it in config.inc.php.
      You'll need a few directives to get going, a simple
configuration may look
      like this:

      <?php
      $cfg['blowfish_secret'] = 'ba17c1ec07d65003';  // use here a
value of your choice

      $i=0;
      $i++;
      $cfg['Servers'][$i]['auth_type']     = 'cookie';
      ?>

      Or, if you prefer to not be prompted every time you log in:

      <?php

      $i=0;
      $i++;
      $cfg['Servers'][$i]['user']          = 'root';
      $cfg['Servers'][$i]['password']      = 'cbb74bc'; // use here
your password
      $cfg['Servers'][$i]['auth_type']     = 'config';
      ?>

      For a full explanation of possible configuration values, see the
Configuration
      Section<http://www.phpmyadmin.net/documentation/Documentation.html#config>of
this document.
      - Instead of manually editing config.inc.php, you can use the Setup
      Script <http://www.phpmyadmin.net/documentation/setup/>. First you
      must manually create a folder config in the phpMyAdmin directory. This
      is a security measure. On a Linux/Unix system you can use the following
      commands:

      cd phpMyAdmin
      mkdir config                        # create directory for saving
      chmod o+rw config                   # give it world writable permissions

      And to edit an existing configuration, copy it over first:

      cp config.inc.php config/           # copy current configuration
for editing
      chmod o+w config/config.inc.php     # give it world writable permissions

      On other platforms, simply create the folder and ensure that your web
      server has read and write access to it. FAQ
1.26<http://www.phpmyadmin.net/documentation/Documentation.html#faq1_26>can
help with this.

      Next, open setup/ <http://www.phpmyadmin.net/documentation/setup/> in
      your browser. Note that *changes are not saved to disk until
      explicitly choose Save* from the *Configuration* area of the screen.
      Normally the script saves the new config.inc.php to the
config/directory, but if the webserver does not have the proper
permissions you may
      see the error "Cannot load or save configuration." Ensure that the
      config/ directory exists and has the proper permissions - or use the
      Download link to save the config file locally and upload (via FTP or
      some similar means) to the proper location.

      Once the file has been saved, it must be moved out of the
config/directory and the permissions must be reset, again as a
security measure:

      mv config/config.inc.php .         # move file to current directory
      chmod o-rw config.inc.php          # remove world read and write
permissions
      rm -rf config                      # remove not needed directory

      Now the file is ready to be used. You can choose to review or edit the
      file with your favorite editor, if you prefer to set some
advanced options
      which the setup script does not provide.
   5. If you are using the auth_type "config", it is suggested that you
   protect the phpMyAdmin installation directory because using config does not
   require a user to enter a password to access the phpMyAdmin installation.
   Use of an alternate authentication method is recommended, for example with
   HTTP–AUTH in a
*.htaccess*<http://www.phpmyadmin.net/documentation/Documentation.html#glossary>file
or switch to using
   auth_type cookie or http. See the multi–user
sub–section<http://www.phpmyadmin.net/documentation/Documentation.html#faqmultiuser>of
this
   FAQ for additional information, especially FAQ
4.4<http://www.phpmyadmin.net/documentation/Documentation.html#faq4_4>
   .
   6. Open the main phpMyAdmin
directory<http://www.phpmyadmin.net/documentation/index.php>in your
browser. phpMyAdmin should now display a welcome screen and your
   databases, or a login dialog if using HTTP or cookie authentication mode.
   7. You should deny access to the ./libraries and ./setup/lib subfolders
   in your webserver configuration. For Apache you can use supplied .htaccess
   file in that folder, for other webservers, you should configure this
   yourself. Such configuration prevents from possible path exposure and cross
   side scripting vulnerabilities that might happen to be found in that code.
   8. It is generally good idea to protect public phpMyAdmin installation
   against access by robots as they usually can not do anything good there. You
   can do this using robots.txt file in root of your webserver or limit
   access by web server configuration. You can find example .htaccess file
   which can help you achieve this in contrib directory in phpMyAdmin.

> <VirtualHost *:80>
>     ServerAdmin *********************
>     ServerName www.myurl.com
>     DirectoryIndex index.html #index.mhtml
>     DocumentRoot /var/www/www.myurl.com
>     AddType  text/html  .html #.mhtml
>         # Set Perl Variable SiteName with name of site for handler.pl
>         #PerlSetVar site myurl
>         #PerlRequire /var/www/handler.pl
>     <LocationMatch "(\.html|\.txt|\.pl|\.mhtml|dhandler|autohandler)$">
>       #SetHandler perl-script
>       #PerlHandler HTML::Mason
>     </LocationMatch>
>     <DirectoryMatch "/var/www/phpMyAdmin-3.4.3.1-english">
>       AllowOverride All
>       Options None
>       Order allow,deny
>       Allow from all
>     </DirectoryMatch>
>     ScriptAlias /cgi-bin/ "/var/www/www.myurl.com/cgi-bin/"
>     <Directory "/var/www/www.myurl.com/cgi-bin">
>       AllowOverride All
>       Options None
>       Order allow,deny
>       Allow from all
>     </Directory>
>     ErrorLog syslog:local1
>     ErrorLog /var/log/httpd/www.myurl.com.error
> CustomLog /var/log/httpd/www.myurl.com.access common
> </VirtualHost>