Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enabled remoteip mod for Apache #434

Merged
merged 2 commits into from
Apr 2, 2024
Merged

Enabled remoteip mod for Apache #434

merged 2 commits into from
Apr 2, 2024

Conversation

melle2
Copy link
Contributor

@melle2 melle2 commented Feb 3, 2024

I've enabled the remoiteip mod for Apache during build time. The reason is that now the remote ip address is posted to the log file if phpmyadmin is running behind a proxy - with the correct proxy configuration.
This can then be used i.e. with fail2ban to track and block IP addresses executing bruteforce attacks
grafik

@melle2 melle2 marked this pull request as ready for review February 3, 2024 11:47
@williamdes
Copy link
Member

Can you update https://github.com/phpmyadmin/docker/blob/master/Dockerfile-debian.template

And run ./update.sh

@melle2
Copy link
Contributor Author

melle2 commented Feb 3, 2024

Sorry, I should have read the comment on the top of the Apache Dockerfile 😬

@melle2
Copy link
Contributor Author

melle2 commented Feb 3, 2024

OK, after reviewing the changes, this solution does not work with that approach. PHP-FPM doesn't use Apache. Hence. this would not work with PHP-FPM build and ultimatley fail.

@melle2
Copy link
Contributor Author

melle2 commented Feb 3, 2024

What could be done here

cat "$template" >> "$variant/Dockerfile"

is something like

if [ "$variant" == "fpm" ]; then
	cat "$template" | sed -e "/a2enmod remoteip; \\\/d" >> $variant/Dockerfile
else
	cat "$template" >> "$variant/Dockerfile"
fi

But this feels more like a hack than a solution 😐

@williamdes what do you think?

@williamdes
Copy link
Member

See https://github.com/phpmyadmin/docker/blob/272944cc5a10f7740acacbe2a35c2c1f6d9a98c7/update.sh#L66C15-L66C46

You can add the line in the block, or add a new block with comments and it will be removed

@williamdes williamdes self-assigned this Apr 2, 2024
@williamdes williamdes merged commit 50b7203 into phpmyadmin:master Apr 2, 2024
31 of 32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants