• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Password protection breaks static files access (404 error)

We disabled automatic updates of Plesk and the extensions a long time ago because of these issues. We're always a full release behind before we start a manual update. Knowing that a new release is published every 4 or 5 weeks on a Tuesday, we start the update a few days before that.

IMHO, Plesk should bring back the old update and upgrade settings, so we have a choice in this automatic update policy, and it would lessen the burden on the Plesk Support team:
- Early adaptor release
- (Recommended) General release
- Late adaptor release

 
We also have this issue and got round it by disabling the Plesk password protection temporarily. As we're new to the forum, how can we track when the bug is fixed?
 
I've only just encountered this issue on my site with password protection enabled on / even though my dashboard says "Version 18.0.51 Update #1, last updated on April 6, 2023 03:35 AM"

Instead, in my situation it coincided with the website's domain Let's Encrypt certificate renewal that happened overnight - otherwise I was blissfully unaware of this issue on the website I use daily until today.

@Hangover2 Regarding the Nginx symptoms it sounds like a known issue with OCSP stapling. I suggest to change the nameservers in /etc/resolv.conf and test again. There is a known issue when OCSP stapling is used and nameserver resolution to the Let's Encrypt servers is slow, because for every web configuration entry Nginx will try to resolv that address and connect. If it takes too long it will run into a timeout. This issue is caused by nameserver resolution specificially for the r3.o.lencr.org server(s) and it has been seen with various public resolvers. It is unclear why public resolvers sometimes have this issue.

I tried just disabling OCSP stapling but it had no effect.

Workaround: Disable "Smart static files processing" or enable "Serve static files directly by nginx" (caution: mod_rewrite rules will not be applied)

Temporarily disabling Smart static files processing worked for me, thanks @Monty

There's now a support article here too https://support.plesk.com/hc/en-us/...irectory-are-inaccessible-ERROR-404-not-found

You'll find PPPM-13942 mentioned in Change Log for Plesk Obsidian

Nope, not yet. Nothing for PPPM-13942 using Ctrl+F in my browser. I guess it will be mentioned once the 18.0.52 update appears on that page.
 
That's what it meant. The fix is planned for 18.0.52 and the PPPM-13942 will then probably be mentioned in the change log.
 
Fixed in Plesk Obsidian 18.0.52, published April 25th, 2023: It is now possible to access files in password-protected directories when “Smart static files processing” and “Proxy mode” are enabled in the “Apache & nginx” settings.
 
I would like to add that Plesk staff is grateful for the discussion here on updates, some not updating and their reasons etc. Actually, the statistics on issues that Plesk continuously does, showed that by January and February 2023 Plesk had the lowest number of open issues ever. However, we do acknowledge that not only the number of issues can be critical, but also the type and impact. Internal changes and improvements are on the way for more and better pre-publishing tests and new strategies to improve the quality of delivered updates.

Thank you again for discussing this important matter. Please continue to contribute with your thoughts and ideas. They are valued and your opinion is seen.
 
Last edited:
Fixed in Plesk Obsidian 18.0.52, published April 25th, 2023: It is now possible to access files in password-protected directories when “Smart static files processing” and “Proxy mode” are enabled in the “Apache & nginx” settings.
Hi, I'm running Version 18.0.52 Update #2 but am still experiencing issues i could best describe by the things mentioned in this topic.

Is there anything i need to do to make it work after it is updated?
 
a reply from plesk support with the solution to the issue i experienced. to add to this topic as it might be interesting for more people.

The released fix implies that default domain template (nginxDomainVirtualHost.php) changed:

location /internal-nginx-static-location/
vs.

location ^~ /internal-nginx-static-location/

However, the fix does not perform changes in existing /var/www/vhosts/system/example.com/conf/nginx.conf file. To apply the fix for domains with 'old' configuration, it is enough to reconfigure domain using command 'plesk repair web example.com'
 
Back
Top