
Question Block http1.0

mendip_discovery

New Pleskian
Server operating system version
Debian 11.11
Plesk version and microupdate number
Plesk Obsidian v18.0.73_build1800251003.15
I am getting spammed/ddos on one site on my server with continuous "HEAD / HTTP/1.0" requests.

I would like to make use of one part of https://support.plesk.com/hc/en-us/...compliance-scan-shows-a-warning-CVE-2000-0649
where it talks of "Disable support of the outdated HTTP 1.0 protocol".

* Create the file /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc
Code:
touch /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc
* Edit File /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc and add following content to it
Code:
if ($server_protocol = HTTP/1.0) {
    return 444;
}

This is for the control panel but where should I insert it so that it can be used by Apache for all sites and not get removed in the next Plesk update?
 
If it's just for one (or two) sites, you can add the code to the "Additional nginx directives" section of the domain, which is available at example.com > Hosting & DNS > Apache & Nginx.

NGINX:
if ($server_protocol = HTTP/1.0) {
    return 444;
}

If it's for a large number of domains, you can add the same code to the "Additional nginx directives" section of the Service Plans.
 
Tried it, seems that it doesn't make much of a change.

2025-10-08 17:21:11 Access 190.6.7.21 200 HEAD / HTTP/1.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.2549.113 Safari/537.36 4.15 K Apache SSL/TLS access

This is what I get in my logs, and I am just getting tired of the hammering the site is getting. It's 50 or so connections over a 20-second burst, then it stops for 10, rinse and repeat. It used to be a few IPs, but now it's random IP addresses. It's a Botnet, as such, just on a script to annoy.

Should I look at blocking it at the Apache level as well? I see talk of it, but with nobody giving a working example to use.
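An added example, not part of the thread: a Python check that reads access-log lines in the layout of the entry quoted above and reports, for `HEAD` requests over HTTP/1.0, which server logged them with which status, how many distinct IPs sent them, and the peak count in any 20-second window. The sample lines are constructed, and the `nginx` source label in them is an assumption (only the Apache label appears in the thread).

```python
import re
from collections import Counter
from datetime import datetime

# Field layout assumed from the one log line quoted in the thread:
# date time type ip status method path protocol user-agent size source
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (?P<ip>\S+) (?P<status>\d{3}) "
    r"(?P<method>[A-Z]+) \S+ (?P<proto>HTTP/\d\.\d) .*?"
    r"(?P<server>Apache|nginx)\b.*access$"
)

# Constructed sample lines (documentation IP ranges). The "nginx" source
# label is an assumption; only the Apache label appears in the thread.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/68.0 Safari/537.36"
SAMPLE = [
    f"2025-10-08 17:21:11 Access 192.0.2.10 200 HEAD / HTTP/1.0 {UA} 4.15 K Apache SSL/TLS access",
    f"2025-10-08 17:21:12 Access 198.51.100.23 200 HEAD / HTTP/1.0 {UA} 4.15 K Apache SSL/TLS access",
    f"2025-10-08 17:21:15 Access 198.51.100.7 200 GET / HTTP/1.1 {UA} 18.2 K Apache SSL/TLS access",
    f"2025-10-08 17:21:19 Access 203.0.113.5 200 HEAD / HTTP/1.0 {UA} 4.15 K Apache SSL/TLS access",
    f"2025-10-08 17:21:30 Access 192.0.2.77 200 HEAD / HTTP/1.0 {UA} 4.15 K Apache SSL/TLS access",
    f"2025-10-08 17:22:10 Access 203.0.113.90 444 HEAD / HTTP/1.0 {UA} 0 B nginx SSL/TLS access",
]

def summarize(lines, window=20):
    """Summarize HEAD HTTP/1.0 requests: who answered, from how many IPs, peak rate."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["method"] == "HEAD" and m["proto"] == "HTTP/1.0":
            hits.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                         m["ip"], m["server"], int(m["status"])))
    hits.sort()
    # Sliding window: largest number of matching requests in any `window` seconds.
    peak = start = 0
    for end, (ts, *_) in enumerate(hits):
        while (ts - hits[start][0]).total_seconds() > window:
            start += 1
        peak = max(peak, end - start + 1)
    return {
        "by_layer": Counter((server, status) for _, _, server, status in hits),
        "distinct_ips": len({ip for _, ip, _, _ in hits}),
        "peak_per_window": peak,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An `("Apache", 200)` count means those requests were answered normally by Apache, so the nginx `return 444` was not applied to them; the distinct-IP figure shows how little a per-address block would cover.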
 