On Tue, Mar 21, 2017 at 07:56:55AM +0000, Stuart Henderson wrote: > On 2017/03/20 15:03, Paul Irofti wrote: > > phpMyAdmin has been installed into ${INSTDIR}. > > > > If using Apache, you can make this accessible to clients by enabling > > -the configuration file: > > +mod_rewrite in ${SYSCONFDIR}/apache2/httpd2.conf, the mysql php module, > > +and the configuration file: > > > > # ln -s ../modules.sample/phpmyadmin.conf /var/www/conf/modules/ > > + # cp /etc/php-5.6.sample/mysqli.ini /etc/php-5.6/ > > Please symlink rather than cp, and use variables so this doesn't > get stale after a PHP update: > > # ln -s ../php-${MODPHP_VERSION}.sample/mysqli.ini > ${SYSCONFDIR}/php-${MODPHP_VERSION}/ > what about this one ? I added an nginx example and renamed the httpd file to apache2, phpmyadmin-httpd will be the httpd(8) example. Cheers Giovanni
Index: Makefile =================================================================== RCS file: /var/cvs/ports/www/phpmyadmin/Makefile,v retrieving revision 1.128 diff -u -p -r1.128 Makefile --- Makefile 1 Feb 2017 08:52:36 -0000 1.128 +++ Makefile 24 Mar 2017 21:04:21 -0000 @@ -3,6 +3,7 @@ COMMENT= tool to handle the administration of MySQL over the web V= 4.6.6 +REVISION= 0 PKGNAME= phpMyAdmin-$V DISTNAME= phpMyAdmin-$V-all-languages @@ -32,8 +33,10 @@ RUN_DEPENDS= lang/php/${MODPHP_VERSION}, lang/php/${MODPHP_VERSION},-gd post-extract: - ${SUBST_CMD} -m 0644 -c ${FILESDIR}/phpMyAdmin-httpd.conf \ - ${WRKSRC}/examples/phpMyAdmin-httpd.conf + ${SUBST_CMD} -m 0644 -c ${FILESDIR}/phpMyAdmin-apache2.conf \ + ${WRKSRC}/examples/phpMyAdmin-apache2.conf + ${SUBST_CMD} -m 0644 -c ${FILESDIR}/phpMyAdmin-nginx.conf \ + ${WRKSRC}/examples/phpMyAdmin-nginx.conf do-install: @find ${WRKSRC} -type f -name "*.orig" -exec rm -f {} \; Index: files/phpMyAdmin-apache2.conf =================================================================== RCS file: files/phpMyAdmin-apache2.conf diff -N files/phpMyAdmin-apache2.conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/phpMyAdmin-apache2.conf 20 Mar 2017 15:09:51 -0000 @@ -0,0 +1,33 @@ +# $OpenBSD: phpMyAdmin-httpd.conf,v 1.2 2013/01/18 15:17:43 giovanni Exp $ + +Alias /phpMyAdmin ${INSTDIR} + +<IfModule !mod_rewrite.c> + LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so + + RewriteEngine on + + # Allow only GET and POST verbs + RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR] + + # Ban Typical Vulnerability Scanners and others + # Kick out Script Kiddies + RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR] + RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR] + RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR] + + # Ban Search Engines, Crawlers to your administrative panel + # No reasons to access from bots + # Ultimately Better than the useless robots.txt + # Did google respect robots.txt? + # Try google: intitle:phpMyAdmin intext:"Welcome to phpMyAdmin *.*.*" intext:"Log in" -wiki -forum -forums -questions intext:"Cookies must be enabled" + RewriteCond %{HTTP_USER_AGENT} ^.*(AdsBot-Google|ia_archiver|Scooter|Ask.Jeeves|Baiduspider|Exabot|FAST.Enterprise.Crawler|FAST-WebCrawler|www\.neomo\.de|Gigabot|Mediapartners-Google|Google.Desktop|Feedfetcher-Google|Googlebot|heise-IT-Markt-Crawler|heritrix|ibm.com\cs/crawler|ICCrawler|ichiro|MJ12bot|MetagerBot|msnbot-NewsBlogs|msnbot|msnbot-media|NG-Search|lucene.apache.org|NutchCVS|OmniExplorer_Bot|online.link.validator|psbot0|Seekbot|Sensis.Web.Crawler|SEO.search.Crawler|Seoma.\[SEO.Crawler\]|SEOsearch|Snappy|www.urltrends.com|www.tkl.iis.u-tokyo.ac.jp/~crawler|SynooBot|crawleradmin.t-i...@telekom.de|TurnitinBot|voyager|W3.SiteSearch.Crawler|W3C-checklink|W3C_Validator|www.WISEnutbot.com|yacybot|Yahoo-MMCrawler|Yahoo\!.DE.Slurp|Yahoo\!.Slurp|YahooSeeker).* [NC] + RewriteRule .* - [F] +</IfModule> + +<Directory ${INSTDIR}> + AllowOverride All + + # Default to only permitting access from localhost. + Require local +</Directory> Index: files/phpMyAdmin-httpd.conf =================================================================== RCS file: files/phpMyAdmin-httpd.conf diff -N files/phpMyAdmin-httpd.conf --- files/phpMyAdmin-httpd.conf 18 Jan 2013 15:17:43 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,35 +0,0 @@ -# $OpenBSD: phpMyAdmin-httpd.conf,v 1.2 2013/01/18 15:17:43 giovanni Exp $ - -Alias /phpMyAdmin ${INSTDIR} - -<IfModule !mod_rewrite.c> - LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so - - RewriteEngine on - - # Allow only GET and POST verbs - RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR] - - # Ban Typical Vulnerability Scanners and others - # Kick out Script Kiddies - RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR] - RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR] - RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR] - - # Ban Search Engines, Crawlers to your administrative panel - # No reasons to access from bots - # Ultimately Better than the useless robots.txt - # Did google respect robots.txt? - # Try google: intitle:phpMyAdmin intext:"Welcome to phpMyAdmin *.*.*" intext:"Log in" -wiki -forum -forums -questions intext:"Cookies must be enabled" - RewriteCond %{HTTP_USER_AGENT} ^.*(AdsBot-Google|ia_archiver|Scooter|Ask.Jeeves|Baiduspider|Exabot|FAST.Enterprise.Crawler|FAST-WebCrawler|www\.neomo\.de|Gigabot|Mediapartners-Google|Google.Desktop|Feedfetcher-Google|Googlebot|heise-IT-Markt-Crawler|heritrix|ibm.com\cs/crawler|ICCrawler|ichiro|MJ12bot|MetagerBot|msnbot-NewsBlogs|msnbot|msnbot-media|NG-Search|lucene.apache.org|NutchCVS|OmniExplorer_Bot|online.link.validator|psbot0|Seekbot|Sensis.Web.Crawler|SEO.search.Crawler|Seoma.\[SEO.Crawler\]|SEOsearch|Snappy|www.urltrends.com|www.tkl.iis.u-tokyo.ac.jp/~crawler|SynooBot|crawleradmin.t-i...@telekom.de|TurnitinBot|voyager|W3.SiteSearch.Crawler|W3C-checklink|W3C_Validator|www.WISEnutbot.com|yacybot|Yahoo-MMCrawler|Yahoo\!.DE.Slurp|Yahoo\!.Slurp|YahooSeeker).* [NC] - RewriteRule .* - [F] -</IfModule> - -<Directory ${INSTDIR}> - AllowOverride All - - # Default to only permitting access from localhost. - Order deny,allow - Deny from all - Allow from 127.0.0.1 -</Directory> Index: files/phpMyAdmin-nginx.conf =================================================================== RCS file: files/phpMyAdmin-nginx.conf diff -N files/phpMyAdmin-nginx.conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/phpMyAdmin-nginx.conf 24 Mar 2017 21:07:06 -0000 @@ -0,0 +1,30 @@ +index index.php index.html index.htm; + +location ~ \.php$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_read_timeout 240; + include fastcgi_params; +} + +location /phpMyAdmin/ { + allow 127.0.0.1; + deny all; + + if ($request_method !~ "^(GET|POST)$"){ + return 403; + } + if ($http_user_agent ~* "^(java|curl|wget).*"){ + return 403; + } + if ($http_user_agent ~* "^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).*"){ + return 403; + } + if ($http_user_agent ~* "^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).*"){ + return 403; + } + if ($http_user_agent ~* "^.*(AdsBot-Google|ia_archiver|Scooter|Ask.Jeeves|Baiduspider|Exabot|FAST.Enterprise.Crawler|FAST-WebCrawler|www\.neomo\.de|Gigabot|Mediapartners-Google|Google.Desktop|Feedfetcher-Google|Googlebot|heise-IT-Markt-Crawler|heritrix|ibm.com\cs/crawler|ICCrawler|ichiro|MJ12bot|MetagerBot|msnbot-NewsBlogs|msnbot|msnbot-media|NG-Search|lucene.apache.org|NutchCVS|OmniExplorer_Bot|online.link.validator|psbot0|Seekbot|Sensis.Web.Crawler|SEO.search.Crawler|Seoma.\[SEO.Crawler\]|SEOsearch|Snappy|www.urltrends.com|www.tkl.iis.u-tokyo.ac.jp/~crawler|SynooBot|crawleradmin.t-i...@telekom.de|TurnitinBot|voyager|W3.SiteSearch.Crawler|W3C-checklink|W3C_Validator|www.WISEnutbot.com|yacybot|Yahoo-MMCrawler|Yahoo\!.DE.Slurp|Yahoo\!.Slurp|YahooSeeker).*"){ + return 403; + } +} Index: pkg/PLIST =================================================================== RCS file: /var/cvs/ports/www/phpmyadmin/pkg/PLIST,v retrieving revision 1.63 diff -u -p -r1.63 PLIST --- pkg/PLIST 1 Feb 2017 08:52:36 -0000 1.63 +++ pkg/PLIST 24 Mar 2017 21:04:36 -0000 @@ -143,7 +143,7 @@ phpMyAdmin/error_report.php phpMyAdmin/examples/ phpMyAdmin/examples/config.manyhosts.inc.php phpMyAdmin/examples/openid.php -phpMyAdmin/examples/phpMyAdmin-httpd.conf +phpMyAdmin/examples/phpMyAdmin-apache2.conf @sample /var/www/conf/modules.sample/ @sample /var/www/conf/modules.sample/phpmyadmin.conf phpMyAdmin/examples/signon-script.php Index: pkg/README =================================================================== RCS file: /var/cvs/ports/www/phpmyadmin/pkg/README,v retrieving revision 1.5 diff -u -p -r1.5 README --- pkg/README 1 Sep 2016 15:23:55 -0000 1.5 +++ pkg/README 24 Mar 2017 21:14:33 -0000 @@ -7,10 +7,13 @@ $OpenBSD: README,v 1.5 2016/09/01 15:23: phpMyAdmin has been installed into ${INSTDIR}. If using Apache, you can make this accessible to clients by enabling -the configuration file: +mod_rewrite in ${SYSCONFDIR}/apache2/httpd2.conf, the mysql php module, +and the configuration file: # ln -s ../modules.sample/phpmyadmin.conf /var/www/conf/modules/ - # /etc/rc.d/apache2 restart + # ln -s ${SYSCONFDIR}/php-${MODPHP_VERSION}.sample/mysqli.ini \ +${SYSCONFDIR}/php-${MODPHP_VERSION}/ + # rcctl restart apache2 By default, this sets an alias for /phpMyAdmin and restricts access to connections coming from localhost.
signature.asc
Description: PGP signature