• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Disable access to Plesk via IP address

Martbean

Martbean

New Pleskian
Hi,

I'm trying to achieve PCI compliance for a server and it's failing because Plesk can be accessed with an invalid/self-signed certificate using the IP address, ie. xxx.xxx.xxx.xxx:8443

I've managed to get Plesk to use the cert from my domain name so https://domain.com:8443 works fine, but I can still access it using the IP address, but with an "invalid certificate" error. Is there a way of disabling Plesk access on the IP address?

Thanks,

Martin.
 
It's been a while but I think putting this in your .htaccess will force the browser to use the domain rather than the IP
Code: 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^12\.34\.56\.789$
RewriteRule ^(.*)$ http://www.domainname.com/$1 [L,R=301]
 
Hi,

I was thinking that too, that I'd still see the warning, but that might be enough. I'm not using the address nor publicising it but since it's a PCI scan, they are simply looking for common open ports on the IP address. The scan fails because there's a Plesk login on a "insecure" connection, but if it can redirect elsewhere then it should pass.

So is there an .htaccess for Plesk itself?

Thanks,

Martin.
 
Hi Martbean,

as you can see at:


... Plesk uses it's own webserver, where you can find the configuration files at: => /etc/sw-cp-server/

If you desire something compairable as
Code: 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^12\.34\.56\.789$
RewriteRule ^(.*)$ http://www.domainname.com/$1 [L,R=301]
... for an apache - webserver, you would replace for example "/etc/sw-cp-server/conf.d/plesk.conf":
Code: 
server {
        listen 8443 ssl;
        listen 8880;

...
with
Code: 
server {
        listen 12.34.56.789:8443 ssl;
        listen 12.34.56.789:8880;

...
and add as well:
Code: 
return 301 $scheme://YOUR-DOMAIN.COM:$server_port$request_uri;
... so that all would be redirected to your FQDN.
 
Awesome, thanks for this! I'm going away for a few days but will give it a go when I get back.
 
Hi,

I've tried the changes you suggested but it's still not redirecting. Here's the contents of /etc/sw-cp-server/conf.d/plesk.conf:

Code: 
server_names_hash_bucket_size  64;

server {
                listen xx.xx.xx.xx:8443 ssl;
                listen xx.xx.xx.xx:8880;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;

                return 301 $scheme://www.domain.com:$server_port$request_uri;

                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;
}

Edit: I also restarted psa after making the changes.

Any ideas?

Thanks,

Martin.
 
Last edited:
Hello,

I have tried the above also and end up getting ERR_Too many redirects. Have cleared browser cache etc.

Anyone got any other suggestions

Thanks
 
Hi Steve Tozer,

could you provide MORE informations ( log - file entries ) and could you pls. add as well YOUR current configuration files for further investigations?
 
Hello @UFHH01

/etc/sw-cp-server/conf.d/plesk.conf

Code: 
server_names_hash_bucket_size  64;

server {
                listen xx.xxx.xxx.xx:8443 ssl;
                listen xx.xxx.xxx.xx:8880;
                listen 127.0.0.1:8880 default_server;
                include conf.d/*ipv6_ports.inc;

                   return 301 $scheme://server.domain.co.uk:$server_port$request_uri;

                ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
                ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;

                include conf.d/*plesk.inc;
                include conf.d/*wpb.inc;

}

The outcome is wanting the admin area to be available on https://server.domain.co.uk:8443

When going to the IP via https://xx.xxx.xxx.xx:8443 im getting ERR_TOO_MANY_REDIRECTS

I have had a look at the logs I can see the 301 but there are no errors in there.

Im guessing there's something else trying to 301/redirect it to https again

Thanks

Steve
 
Hi Steve Tozer,

Steve Tozer said:
return 301 $scheme://server.domain.co.uk:$server_port$request_uri;
Click to expand...
Pls. consider to remove this line and restart the Plesk Control Panel:
Code: 
service sw-cp-server restart
service sw-engine restart
If you desire a redirect to a specific "subdomain.domain.com", which is not the current hostname of your server ( pls. have a look at "/etc/hostname" ) you could use for example:
Code: 
error_page 497 https://subdomain.not-your-hostname.com:$server_port$request_uri;


 
Hello @UFHH01

I have removed line

Code: 
return 301 $scheme://server.domain.co.uk:$server_port$request_uri;

This stops the whole redirection happening.

The hostname of the server is server.domain.co.uk already and its correctly in /etc/hostname

Thanks

Steve
 
Hi Steve Tozer,

if you have a look at "config" ( => /etc/sw-cp-server ) you should notice, that there already is the setting:
Code: 
    error_page 497 https://$hostname:$server_port$request_uri;
... which should redirect each request with a depending IP or hosted domain and the port ":8443", to https://server.domain.co.uk:8443 ( if this is setup as hostname on your server ).

Pls. make sure to setup as well a "Default site" for each of your IPs, hosted on your server ( => HOME > Tools & Settings > IP Addresses ).
 
You must log in or register to reply here.

Similar threads

majdi draouil
Question Need Help Configuring Plesk Web Access on Server with Custom Ports - IP Accidentally Pointed to Domain
Replies
3
Views
463
majdi draouil
majdi draouil
F
Question How to disable/restrict by IP <server-ip>/login_up.php ?
Replies
4
Views
2K
W4ru
W
weareimpulse
Issue IP Access restriction - locked out of PLESK
Replies
3
Views
568
trialotto
T
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
598
Raul A.
R
M
Question NameServer settings for domains and Webspaces?
Replies
4
Views
491
MimiWeb
M
Back
Top