• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question Disabling access to <server-ip>/login_up.php in plesk

K

kentsmike

New Pleskian
Server operating system version
Debian 11
Plesk version and microupdate number
18.0.56
is there a way to disable accessing Plesk from <server-ip>/login_up.php and allow access only from :8443

i want to access plesk from only <server-ip>:8443
 
Edit the Customize Plesk URL setting to be "No custom URLs. Only https://<server-ip-or-hostname>:8443".

Setting can be found under Tools & Settings > General Settings > Customize Plesk URL
 
kentsmike said:
is there a way to disable accessing Plesk from <server-ip>/login_up.php and allow access only from :8443

i want to access plesk from only <server-ip>:8443
Click to expand...

@kentsmike

It might seem logical and/or more secure to access Plesk Panel with [server IP]:8443, but there are some considerations here.


If you want to change access for reasons of personal convenience, then I could understand your question.

However, in an environment with lots of servers or in order to prevent typos in IPs or for convenience, a simple domain name is more easy and secure.


If you want to change access for reasons of security, then I can safely assume that you have asked the wrong question.

Security is not benefitting from URLs consisting of IP:port combinations in browsers that store everything ..... that is not wise.

A custom URL makes it quite easy to change the URL - good for security, but also practical when (sysadmin) mail notifications are blocked (just change URLs!)

It is often good to use a format of [server id of some kind].domain.tld across all Plesk servers - just change the server id (read: subdomain prefix) and the DNS records on a relatively frequent basis.

Security is more benefitting from allowing access to Plesk Panel from a very limited number of IPs (and blocking all other IPs explicitly) :

- use Plesk Firewall extension : there are two pre-defined rules already!
- use panel.ini : set the "allowedIPs" value to the allowed IPs in the [api] block
- use Fail2Ban : set the allowed IPs as trusted IPs
- use Nginx rules (if necessary - in general, do not mess with Nginx settings for the Plesk Panel)

and so on.


In short, plenty of considerations that are relevant, but it is essentially up to you and your own preferences.

I deliberately left out a huge number of (other) considerations, since the "nitty gritty" details are barely relevant here.

In my humble opinion, it should be preferred to use a custom URL for Plesk Panel access, for many reasons.


Just some food for thought .......... and I hope it helps a bit!

Kind regards.....
 
You must log in or register to reply here.

Similar threads

E
Question Limit access to Contol Panel based on server IP address
Replies
3
Views
570
Eightwire
E
S
Issue All domains redirect to /login_up.php after automatic update
Replies
8
Views
1K
simonedev
S
A
Issue Help, Please! Redirecting to login_up.php
Replies
2
Views
1K
Raul A.
R
K
Question Disable Plesk login link
Replies
1
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
Z
Issue Major security inconsistency in Plesk admin access control logic
Replies
7
Views
2K
zigzag
Z
Back
Top