• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved How to add response headers to the port 8443?

A

Alex Bosch

New Pleskian
Server operating system version
Debian 9.13
Plesk version and microupdate number
Obsidian 18.0.44
Hi;

I use a subdomain as a hostname and I set the access to the plesk interface with it. I managed to add http security headers when accessing to plesk with the subdomain URL, with the help of this article:

Resolved - How can I adjust HSTS in Plesk?

But when I try to access to plesk via subdomain:8443, the http security headers disappear.

I do not use nginx. I set them on apache.

Could you please help me to solve that?

Thank you in advance
 
The port 8443 is not serviced by Nginx, nor Apache. It is serviced by an additional web server that is customized specifically for the Plesk control panel pages. Please do not try to mess with configuration files for these, it will only cause problems, because there are a huge number of dependencies between PHP, the Plesk-owned web server and its configuration.

If you believe that HSTS is needed for the panel pages, please vote for the feature request here:
plesk.uservoice.com

Enable OCSP stapling ans HSTS for Plesk panel

OSCP stapling and HSTS can now be enabled for domains using SSL It! estension. However these settings cannot be enabled while securing Plesk panel. So it will be really appreciated if such functionality is included in future Plesk updates.
plesk.uservoice.com
 
Hi, @Peter Debik

Thank you for your answer. I don't know how, but HSTS it is already applied on the 8443 port URL, but not other security headers that are needed. I don't want to mess, but without these headers, Security Scorecard and other security checkers flag my server with security problems, which is true.

If some headers are already applied on port 8443 URL (HSTS, X-XXS and X-frame), others should. I only need to know how to do that.

Thank you.
 
You must log in or register to reply here.

Similar threads

adocsys
Resolved How to add HTTP Security Header on port 80?
Replies
3
Views
357
adocsys
adocsys
A
Question How to use Clear-Site-Data header rule to clear browser cache
Replies
2
Views
849
AntoineW
A
nornagest
Question How to secure different access domains for Plesk
Replies
2
Views
960
Peter Debik
P
F
Issue OCSP for Plesk-Panel does not work
Replies
5
Views
438
Peter Debik
P
afuego
Question How to block control panel access for subdomain?
Replies
2
Views
905
afuego
afuego
Back
Top