• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Resolved Disable access to Plesk via IP address

Martbean

Martbean

New Pleskian
Hi,

I'm trying to achieve PCI compliance for a server and it's failing because Plesk can be accessed with an invalid/self-signed certificate using the IP address, ie. xxx.xxx.xxx.xxx:8443

I've managed to get Plesk to use the cert from my domain name so https://domain.com:8443 works fine, but I can still access it using the IP address, but with an "invalid certificate" error. Is there a way of disabling Plesk access on the IP address?

Thanks,

Martin.
 
It's been a while but I think putting this in your .htaccess will force the browser to use the domain rather than the IP
Code: 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^12\.34\.56\.789$
RewriteRule ^(.*)$ http://www.domainname.com/$1 [L,R=301]
 
Hi,

I was thinking that too, that I'd still see the warning, but that might be enough. I'm not using the address nor publicising it but since it's a PCI scan, they are simply looking for common open ports on the IP address. The scan fails because there's a Plesk login on a "insecure" connection, but if it can redirect elsewhere then it should pass.

So is there an .htaccess for Plesk itself?

Thanks,

Martin.
 
Hi Martbean,

as you can see at:


... Plesk uses it's own webserver, where you can find the configuration files at: => /etc/sw-cp-server/

If you desire something compairable as
Code: 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^12\.34\.56\.789$
RewriteRule ^(.*)$ http://www.domainname.com/$1 [L,R=301]
... for an apache - webserver, you would replace for example "/etc/sw-cp-server/conf.d/plesk.conf":
Code: 
server {
        listen 8443 ssl;
        listen 8880;

...
with
Code: 
server {
        listen 12.34.56.789:8443 ssl;
        listen 12.34.56.789:8880;

...
and add as well:
Code: 
return 301 $scheme://YOUR-DOMAIN.COM:$server_port$request_uri;
... so that all would be redirected to your FQDN.
 
Awesome, thanks for this! I'm going away for a few days but will give it a go when I get back.
 
Hi,

I've tried the changes you suggested but it's still not redirecting. Here's the contents of /etc/sw-cp-server/conf.d/plesk.conf:

Code: 
server_names_hash_bucket_size  64;

server {
                listen xx.xx.xx.xx:8443 ssl;
                listen xx.xx.xx.xx:8880;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;

                return 301 $scheme://www.domain.com:$server_port$request_uri;

                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;
}

Edit: I also restarted psa after making the changes.

Any ideas?

Thanks,

Martin.
 
Last edited:
Hello,

I have tried the above also and end up getting ERR_Too many redirects. Have cleared browser cache etc.

Anyone got any other suggestions

Thanks
 
Hi Steve Tozer,

could you provide MORE informations ( log - file entries ) and could you pls. add as well YOUR current configuration files for further investigations?
 
Hello @UFHH01

/etc/sw-cp-server/conf.d/plesk.conf

Code: 
server_names_hash_bucket_size  64;

server {
                listen xx.xxx.xxx.xx:8443 ssl;
                listen xx.xxx.xxx.xx:8880;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;

                   return 301 $scheme://server.domain.co.uk:$server_port$request_uri;

                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;

}

The outcome is wanting the admin area to be available on https://server.domain.co.uk:8443

When going to the IP via https://xx.xxx.xxx.xx:8443 im getting ERR_TOO_MANY_REDIRECTS

I have had a look at the logs I can see the 301 but there are no errors in there.

Im guessing there's something else trying to 301/redirect it to https again

Thanks

Steve
 
Hi Steve Tozer,

Steve Tozer said:
return 301 $scheme://server.domain.co.uk:$server_port$request_uri;
Click to expand...
Pls. consider to remove this line and restart the Plesk Control Panel:
Code: 
service sw-cp-server restart
service sw-engine restart
If you desire a redirect to a specific "subdomain.domain.com", which is not the current hostname of your server ( pls. have a look at "/etc/hostname" ) you could use for example:
Code: 
error_page 497 https://subdomain.not-your-hostname.com:$server_port$request_uri;


 
Hello @UFHH01

I have removed line

Code: 
return 301 $scheme://server.domain.co.uk:$server_port$request_uri;

This stops the whole redirection happening.

The hostname of the server is server.domain.co.uk already and its correctly in /etc/hostname

Thanks

Steve
 
Hi Steve Tozer,

if you have a look at "config" ( => /etc/sw-cp-server ) you should notice, that there already is the setting:
Code: 
    error_page 497 https://$hostname:$server_port$request_uri;
... which should redirect each request with a depending IP or hosted domain and the port ":8443", to https://server.domain.co.uk:8443 ( if this is setup as hostname on your server ).

Pls. make sure to setup as well a "Default site" for each of your IPs, hosted on your server ( => HOME > Tools & Settings > IP Addresses ).
 
You must log in or register to reply here.

Similar threads

F
Question How to disable/restrict by IP <server-ip>/login_up.php ?
Replies
4
Views
803
W4ru
W
CobraArbok
Question How can I access the mailbox with the IP Address?
Replies
5
Views
283
Dave W
Dave W
PrimeSites
Issue Server-wide backup invalidates SSL cert when deployed on back-up server
Replies
4
Views
472
PrimeSites
PrimeSites
P
Resolved Can't accessing Plesk log in page over HTTPS
Replies
4
Views
160
Patashoow
P
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
358
futureweb
futureweb
Back
Top