Secure PHPMyAdmin by IP Address

As PHPMyAdmin allows you access into your MySQL instance, it is imperative you secure by using complex passwords for your mysql logins.

I have also secured it by adding IP restrictions, so that only authorised machines can connect to it.  This can be done by editing the /etc/apache2/conf.d/phpmyadmin.conf file, this can be done as follows:

sudo nano /etc/apache2/conf.d/phpmyadmin.conf

You can add any number of public and private IP addresses or subnets eg.

Order allow,deny
Allow from 127.0.0.1
Allow from 77.66.33.0/24

You need to put these IP restrictions under the <Directory /usr/share/phpmyadmin> section for /phpmyadmin and under the <Directory /usr/share/phpmyadmin/setup> section for the /setup

eg:# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
Order allow,deny
Allow from 127.0.0.1
Allow from 77.66.33.0/24
<IfModule mod_php5.c>
AddType application/x-httpd-php .php

php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
</IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
Order allow,deny
Allow from 127.0.0.1
Allow from 77.66.33.0/24

<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
Order Deny,Allow
Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Order Deny,Allow
Deny from All
</Directory>