Question Add basic auth to login_up.php

[NickBucko]

Server operating system version

CentOS 7.9

Plesk version and microupdate number

18.0.57 Update #5

I would like to add basic auth to the Plesk admin panel, specifically https://domain.tld/login_up.php. IP restriction is not an option. I found the panel files in /usr/local/psa/admin/htdocs, created an htpasswd file and .htaccess. The basic auth box pops up but I'm able to cancel out of it and get the Plesk panel login page anyway. How do I properly protect the admin panel with basic auth?

 

[kpushkarev]

What's the content of your .htaccess?

 

[mow]

Isn't the panel served by nginx (only)?

 

[NickBucko]

What's the content of your .htaccess?

Its a standard basic auth I use all the time

AuthUserFile /var/www/vhosts/default/htpasswd
AuthType Basic
AuthName "Basic Security"
Require valid-user

 

[NickBucko]

Isn't the panel served by nginx (only)?

I thought so as well, haven't been able to find a definite answer. If that is the case, and I need to update a config file, I can do that. The problem is that I just don't know for sure it is and if so, do I edit a config file or add another config file so it isn't overwritten?

 

[Peter Debik]

There is no option to add an additional webserver based password protection to the login page. Many years ago there was a similar feature request, but it never became popular, and technically there is no need to add an additional protection on that page. You can easily use the Fail2Ban jail aimed at Plesk logins to ban brute-force attacks.

Please consider posting a feature request for your business case on Feature Suggestions: Top (2011 ideas) – Your Ideas for Plesk. Make sure, please, to describe in detail why you believe adding an additional webserver based password protection to the login page is required.

 

[kpushkarev]

As for technical implementation, Plesk panel itself is served by sw-cp-server, which is derived from nginx, and you connect to it either directly on ports 8880, 8443, or through nginx proxy on ports 80, 443. So, .htaccess is not relevant to panel access management.