diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php
index 309971d27cbb89ca0ccfaa9955f4b7a500590496..9df260174a91fa1764ca1b53a162df70e67e29e5 100644
--- a/lib/os/class.ISPConfigDebianOS.inc.php
+++ b/lib/os/class.ISPConfigDebianOS.inc.php
@@ -282,38 +282,44 @@ class ISPConfigDebianOS extends ISPConfigBaseOS {
Alias /phpmyadmin /usr/share/phpmyadmin
- Options FollowSymLinks
- DirectoryIndex index.php
+ Options SymLinksIfOwnerMatch
+ DirectoryIndex index.php
-
- AddType application/x-httpd-php .php
+ # limit libapache2-mod-php to files and directories necessary by pma
+
+ php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+ php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
+
- php_flag magic_quotes_gpc Off
- php_flag track_vars On
- php_flag register_globals Off
- php_value include_path .
-
+ # PHP 8+
+
+ php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+ php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/:/usr/share/javascript/
+
# Authorize for setup
-
- AuthType Basic
- AuthName "phpMyAdmin Setup"
- AuthUserFile /etc/phpmyadmin/htpasswd.setup
-
- Require valid-user
+
+
+ AuthType Basic
+ AuthName "phpMyAdmin Setup"
+ AuthUserFile /etc/phpmyadmin/htpasswd.setup
+
+ Require valid-user
+
# Disallow web access to directories that don\'t need it
+
+ Require all denied
+
- Order Deny,Allow
- Deny from All
+ Require all denied
- Order Deny,Allow
- Deny from All
+ Require all denied
';
if(ISPConfig::$WEBSERVER === ISPC_WEBSERVER_APACHE) {
file_put_contents('/etc/apache2/conf-available/phpmyadmin.conf', $contents);