• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Add basic auth to login_up.php

N

NickBucko

New Pleskian
Server operating system version
CentOS 7.9
Plesk version and microupdate number
18.0.57 Update #5
I would like to add basic auth to the Plesk admin panel, specifically https://domain.tld/login_up.php. IP restriction is not an option. I found the panel files in /usr/local/psa/admin/htdocs, created an htpasswd file and .htaccess. The basic auth box pops up but I'm able to cancel out of it and get the Plesk panel login page anyway. How do I properly protect the admin panel with basic auth?
 
mow said:
Isn't the panel served by nginx (only)?
Click to expand...
I thought so as well, haven't been able to find a definite answer. If that is the case, and I need to update a config file, I can do that. The problem is that I just don't know for sure it is and if so, do I edit a config file or add another config file so it isn't overwritten?
 
There is no option to add an additional webserver based password protection to the login page. Many years ago there was a similar feature request, but it never became popular, and technically there is no need to add an additional protection on that page. You can easily use the Fail2Ban jail aimed at Plesk logins to ban brute-force attacks.

Please consider posting a feature request for your business case on Feature Suggestions: Top (2011 ideas) – Your Ideas for Plesk. Make sure, please, to describe in detail why you believe adding an additional webserver based password protection to the login page is required.
 
As for technical implementation, Plesk panel itself is served by sw-cp-server, which is derived from nginx, and you connect to it either directly on ports 8880, 8443, or through nginx proxy on ports 80, 443. So, .htaccess is not relevant to panel access management.
 
You must log in or register to reply here.

Similar threads

K
Issue Dovecot backup/sync to second server fails - Error: auth-master: userdb lookup
Replies
0
Views
2K
kassi
K
Hangover2
Input Plesk Obsidian 18.0.59 - stable enough for live deployment?
Replies
6
Views
2K
Hangover2
Hangover2
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
679
NewGate
N
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
2K
Tessxr
T
A
Resolved 503 Error on submission of API call, still works though...
Replies
16
Views
4K
ajtaylordev
A
Back
Top