
Question Add basic auth to login_up.php

NickBucko

New Pleskian
Server operating system version
CentOS 7.9
Plesk version and microupdate number
18.0.57 Update #5
I would like to add basic auth to the Plesk admin panel, specifically https://domain.tld/login_up.php. IP restriction is not an option. I found the panel files in /usr/local/psa/admin/htdocs, created an htpasswd file and .htaccess. The basic auth box pops up but I'm able to cancel out of it and get the Plesk panel login page anyway. How do I properly protect the admin panel with basic auth?
 
Isn't the panel served by nginx (only)?
I thought so as well, haven't been able to find a definite answer. If that is the case, and I need to update a config file, I can do that. The problem is that I just don't know for sure it is and if so, do I edit a config file or add another config file so it isn't overwritten?
 
There is no option to add an additional webserver-based password protection to the login page. Many years ago there was a similar feature request, but it never became popular, and technically there is no need to add an additional protection on that page. You can easily use the Fail2Ban jail aimed at Plesk logins to ban brute-force attacks.

Please consider posting a feature request for your business case on Feature Suggestions: Top (2011 ideas) – Your Ideas for Plesk. Make sure, please, to describe in detail why you believe adding an additional webserver-based password protection to the login page is required.
 
As for technical implementation, the Plesk panel itself is served by sw-cp-server, which is derived from nginx, and you connect to it either directly on ports 8880, 8443, or through the nginx proxy on ports 80, 443. So, .htaccess is not relevant to panel access management.
 