• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Question How to protect plesk Admin Panel with basic authorization?

M

Michael M.

New Pleskian
Hello,

is there any way to do it in GUI, if not, please suggest me another way.
I'am on
OS: ‪Ubuntu 18.04.2 LTS‬
Product: Plesk Onyx 17.8.11 Update #43 ,

Thanks!
 
Dynamic IP? o_O Okay no problem @Michael M. that must suit your particular setup. We didn't go any further with BAA as it's http, so we didn't think you would want http access to your Plesk GUI anyway and looked for an alternative. Sorry. There must be a specific reason for not using https we guess? Even so, yes it's not GUI but wouldn't .htaccess / .htpasswd (with a password) be an easy way to achive the same user / password verification check? Example
 
Last edited:
learning_curve said:
Dynamic IP? o_O Okay no problem @Michael M. that must suit your particular setup. We didn't go any further with BAA as it's http, so we didn't think you would want http access to your Plesk GUI anyway and looked for an alternative. Sorry. There must be a specific reason for not using https we guess? Even so, yes it's not GUI but wouldn't .htaccess / .htpasswd (with a password) be an easy way to achive the same user / password verification check? Example
Click to expand...

Thanks!
I can do it. Can u please provide the folder where located Plesk?
 
:D Not really @Michael M. It will be somewhere in ~ /opt/psa ~ (we think) but that will depend on your own server & plesk setups / access arrangements with your hosting company etc so you'd need to source that yourself. No idea of your Nginx usage, as you haven't mentioned it so far, but assuming that it's only setup in proxy mode, your .htaccess limitations should still be valid.

Meantime, as a temporary workaround (whilst sourcing the correct folder in your setup etc) you could maybe try this:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -cm /etc/sw-cp-server/conf.d/passwd username

Check the permissions are correct:
/etc/sw-cp-server/conf.d/passwd should be 640

# Restart plesk panel
/etc/init.d/sw-cp-server stop
/etc/init.d/sw-cp-server start

We think that shoud work and it's close to what you are looking for.
Just delete /etc/sw-cp-server/conf.d/protect-plesk.inc and /etc/sw-cp-server/conf.d/passwd and the Restart plesk panel again if it doesn't :)
 
learning_curve said:
:D Not really @Michael M. It will be somewhere in ~ /opt/psa ~ (we think) but that will depend on your own server & plesk setups / access arrangements with your hosting company etc so you'd need to source that yourself. No idea of your Nginx usage, as you haven't mentioned it so far, but assuming that it's only setup in proxy mode, your .htaccess limitations should still be valid.

Meantime, as a temporary workaround (whilst sourcing the correct folder in your setup etc) you could maybe try this:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -cm /etc/sw-cp-server/conf.d/passwd username

Check the permissions are correct:
/etc/sw-cp-server/conf.d/passwd should be 640

# Restart plesk panel
/etc/init.d/sw-cp-server stop
/etc/init.d/sw-cp-server start

We think that shoud work and it's close to what you are looking for.
Just delete /etc/sw-cp-server/conf.d/protect-plesk.inc and /etc/sw-cp-server/conf.d/passwd and the Restart plesk panel again if it doesn't :)
Click to expand...

I do not use ngnix, only apache, .htaccess will work!
 
learning_curve said:
:D Not really @Michael M. It will be somewhere in ~ /opt/psa ~ (we think) but that will depend on your own server & plesk setups / access arrangements with your hosting company etc so you'd need to source that yourself. No idea of your Nginx usage, as you haven't mentioned it so far, but assuming that it's only setup in proxy mode, your .htaccess limitations should still be valid.

Meantime, as a temporary workaround (whilst sourcing the correct folder in your setup etc) you could maybe try this:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -cm /etc/sw-cp-server/conf.d/passwd username

Check the permissions are correct:
/etc/sw-cp-server/conf.d/passwd should be 640

# Restart plesk panel
/etc/init.d/sw-cp-server stop
/etc/init.d/sw-cp-server start

We think that shoud work and it's close to what you are looking for.
Just delete /etc/sw-cp-server/conf.d/protect-plesk.inc and /etc/sw-cp-server/conf.d/passwd and the Restart plesk panel again if it doesn't :)
Click to expand...

It works but nor correct.
Password will be asked. It it good.
But panel looks so Screenshot
All CSS files gives 500 Server Error

What can we make in this case?
Maybe password protect another directory?
 
The CSS / 500 error is most likely, just permissions v the requirements of that specific workaround, but it may take you a long time to trace. To be fair, it's from a much older Plesk release than the one we're both using now, hence we said just delete the two files and restart etc if it doesn't work for you.

Maybe forget that option now and use the .htaccess option? Or, pick one of the items on the page that @Brujo posted the link for above. Our personal choices from that page, (we're not, but if we, like you are, were using a dynamic IP address for access and were using http only...) would be either; the Plesk Utility - Login command, or the Googe Authenticator , assuming that you have a googe account. Our own cboice would be, not to use any of the others, but you may feel differently. It's still a mystery why you only want to use http, but no doubt you have your own specific setup requirements
 
The following is how I got my site properly configured, protected and added basic auth for the plesk admin panel - i.e. a username and password popup before you can login to the plesk admin panel.

Mine is running Nginx/Apache with currently, fingers crossed no issues.

I set it up in websites and domains as myhost.mydomain.com

Using myhost.mydomain because that's for this particular server I'm setting up and mydomain.com is a completely separate server.

Used Google Cloud DNS because it does the DNS resolution super fast at 60 seconds for my domain myhost.mydomain.com

I have functioning SSL that redirects http to https.

Tools and Settings / Customizing Plesk Url: The specified domain or subdomain that resolves to the server IP address but is not used for hosting and using my myhost.mydomain.com

I have the yourserverip:8443 or yourdomain.com:8443 switched off by adding a firewall deny all permissions to 8443 and allow all permissions to localhost ip default of 127.0.0.1

Then to protect the main login to plesk page I got mine working by doing this in terminal with sudo permissions on ubuntu/linux.

How to Add and Remove HTTP Basic Auth for Plesk Admin Panel (sw-cp-server)

WHAT WAS DONE

1. Edited the sw-cp-server config:
- File: /etc/sw-cp-server/conf.d/plesk.conf
- Added the following directly after these lines inside the server { ... } block:
include conf.d/*plesk.inc;
include conf.d/*wpb.inc;

- The block added:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/psa/.htpasswd;
}
}

2. Created the password file:
- File: /etc/psa/.htpasswd
- Command used:
sudo htpasswd -cb /etc/psa/.htpasswd admin password

3. Restarted the Plesk panel web server:
sudo systemctl restart sw-cp-server

HOW TO REVERSE AND REMOVE HTTP BASIC AUTH

1. Edit /etc/sw-cp-server/conf.d/plesk.conf:
- Remove or comment out the location / { ... } block you added for auth_basic.

2. Restart the Plesk panel web server:
sudo systemctl restart sw-cp-server

3. (Optional) Delete the password file if you no longer need it:
sudo rm /etc/psa/.htpasswd


SUMMARY:
- To enable: Add the location / block after the include lines and create the password file, then restart sw-cp-server.
- To disable: Remove the location / block and restart sw-cp-server.
 
You must log in or register to reply here.

Similar threads

A
Question Plesk Admin - Bad Bot protection
Replies
4
Views
887
Alban Staehli
A
Krammig
Resolved Plesk installation requires 'Ubuntu/focal/main' OS repository to be enabled.
Replies
4
Views
2K
Krammig
Krammig
K
Question How do I export a license key?
Replies
6
Views
3K
k.ali
K
Jürgen_T
Question Massive Brute-Force Attacks on Plesk Panel – Looking for Additional Protection Measures
Replies
15
Views
3K
Franky H
F
@
Issue After Restart Plesk admin panel cannot accessible, http 500
Replies
1
Views
622
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top