• The ImunifyAV extension is now deprecated and no longer available for installation.
    Existing ImunifyAV installations will continue operating for three months, and after that will automatically be replaced with the new Imunify extension. We recommend that you manually replace any existing ImunifyAV installations with Imunify at your earliest convenience.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue IP Access restriction - locked out of PLESK

weareimpulse

weareimpulse

Basic Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.65 Update #2 Web Host Edition
can anyone help please...

the IP Access restriction feature was added to one of our servers, however, the person who added it did this whilst using a dynamic IP - rather than our static, and now we're locked out.

We have SSH access, so is there a way to add an IP via this to gain PLESK access, or maybe disable the feature so we can get in and set it up properly?

Many thanks...
 
weareimpulse said:
Legend. many thanks :)
Click to expand...
@weareimpulse

It is not a good thing to (only) use the "Restrict Administrative Access" functionality.

The best way is to setup Plesk Firewall extension with :

1 - SSH : allow access to IPs chosen, deny all others

2 - Plesk Panel : allow access to IPs chosen, deny all others

and please do

3 - remove the IPs from "Restrict Administrative Access" functionality - otherwise, this will become a potential problem in the near future,

4 - NOT use dynamic IP addresses with netmasks - it is possible, but if often fails (for many reasons) and it also increase the attack surface!

5 - CREATE a cloud based (cheap) VM with a STATIC IP - this can be stopped/started at all times, hence granting you a fail-over access point

6 - STOP the cloud based VM when you are not using it - only start it when you are locked from Plesk and cannot access Plesk anymore


The simple rule here is : only grant 1 or 2 IPs access to SSH and Plesk Administrative interface, with a VM with a (static) IP as a fail-over access point.

In general, it is a good idea to limit the fail-over access point to SSH, since it is more important to have access to the server itself (via SSH) than having access to Plesk Administrative interface (which interface cannot help you in all scenario's - it only covers most of the lock out scenarios!)


I hope the above helps!


Kind regards....


PS If you run 2 or more dedicated servers, then there is no need for cloud based VMs. However, it still is a good idea, for instance when you run all servers in one and the same datacenter!
 
You must log in or register to reply here.

Similar threads

WhiteTiger
Question Access from a static IP is not allowed
Replies
0
Views
191
WhiteTiger
WhiteTiger
C
Question Scripting access to restricted directories through user email registration
Replies
1
Views
432
Martin Dias
Martin Dias
P
Question Getting X-Forwarded-For IP address from behind a nginx proxy server
Replies
4
Views
765
philglau
P
CobraArbok
Question Access from dynamic IP (Mobile)
Replies
0
Views
916
CobraArbok
CobraArbok
T
Question Using an external firewall to block Plesk ports
Replies
3
Views
1K
thinkjarvis
T
Back
Top