Facebook
TwitterUsername:
TITLE
following support article to protect folder by IP, it does not allow access (always 403) and worse, PHPs get downloaded, not executed
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsydian, from AMI in AWS, fylly updated
CPU AMD EPYC 7571 (2 core(s))
Version Plesk Obsidian v18.0.40_build1800211207.16 os_Ubuntu 20.04
OS Ubuntu 20.04.3 LTS
PROBLEM DESCRIPTION
Followed guide in https://support.plesk.com/hc/en-us/...-directory-from-specific-IP-address-in-Plesk-
But folder is not allowed (403) from that IP and worse than that, PHPs under the folder get downloaded not server-side processed.
STEPS TO REPRODUCE
Followed guide in https://support.plesk.com/hc/en-us/...-directory-from-specific-IP-address-in-Plesk-
enabled NGINX in proxy mode,
enbaled smart static files processing,
disabled "serve static files directly"
disbled "enlable nginx caching"
So I used in (with a diff source IP) the following in "additional nginx directives":
location ^~ /admin {
allow 203.0.113.2;
deny all;
}
ACTUAL RESULT
from other IPs, http/403
from allowed IP, http/403 instead of http/200 and server processing for /admin URL
from allowed IP, http/200 download of /admin/index.php PHP file, instead of http/200 of result of server-side PHP execution
I mean: when trying to access that /admin folder, I always get a 403, being in that source IP or not:
$ curl https://go.tiivii.com/admin/
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
BUT, if I try to get /admin/index.php, I get the original plain text PHP file downloaded if executed from the allowed IP
If I try to get /admin/index.php from another IP , it gets correctly denied
EXPECTED RESULT
http/200 for all /admin/* paths from the allowed IP
http/403 for all /admin/* paths from other IPs
ANY ADDITIONAL INFORMATION
I suppose that using nginx's location {}, as indicated in your guide, requests will not be proxied to apache at all.
So, please correct your guide and state how to implement the expected functionality.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Help with sorting out
TITLE
following support article to protect folder by IP, it does not allow access (always 403) and worse, PHPs get downloaded, not executed
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsydian, from AMI in AWS, fylly updated
CPU AMD EPYC 7571 (2 core(s))
Version Plesk Obsidian v18.0.40_build1800211207.16 os_Ubuntu 20.04
OS Ubuntu 20.04.3 LTS
PROBLEM DESCRIPTION
Followed guide in https://support.plesk.com/hc/en-us/...-directory-from-specific-IP-address-in-Plesk-
But folder is not allowed (403) from that IP and worse than that, PHPs under the folder get downloaded not server-side processed.
STEPS TO REPRODUCE
Followed guide in https://support.plesk.com/hc/en-us/...-directory-from-specific-IP-address-in-Plesk-
enabled NGINX in proxy mode,
enbaled smart static files processing,
disabled "serve static files directly"
disbled "enlable nginx caching"
So I used in (with a diff source IP) the following in "additional nginx directives":
location ^~ /admin {
allow 203.0.113.2;
deny all;
}
ACTUAL RESULT
from other IPs, http/403
from allowed IP, http/403 instead of http/200 and server processing for /admin URL
from allowed IP, http/200 download of /admin/index.php PHP file, instead of http/200 of result of server-side PHP execution
I mean: when trying to access that /admin folder, I always get a 403, being in that source IP or not:
$ curl https://go.tiivii.com/admin/
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
BUT, if I try to get /admin/index.php, I get the original plain text PHP file downloaded if executed from the allowed IP
If I try to get /admin/index.php from another IP , it gets correctly denied
EXPECTED RESULT
http/200 for all /admin/* paths from the allowed IP
http/403 for all /admin/* paths from other IPs
ANY ADDITIONAL INFORMATION
I suppose that using nginx's location {}, as indicated in your guide, requests will not be proxied to apache at all.
So, please correct your guide and state how to implement the expected functionality.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Help with sorting out
