• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question IP Whitelist or Password

T

thedome

New Pleskian
Hi,

Is it possible that we secure the sub-/domains via "protected directories" or via the IP?
So that you either communicate from a certain IP or have to enter a user/password?
(Without using custom .htaccess and .htpasswd!)

greetings
 
However, with the solutions mentioned, protection cannot be ruled out.

I would like to be able to access the site from the office (static IP) without having to enter a password and to use the directory protection from outside connections.
 
It would be nice to have an option to allow specific IPs to bypass the basic auth.
This would be helpful not only for every, by basic auth, protected WordPress site because WordPress needs to connect to it self. In addition there are some external services that need to connect to the site and don't support password protected sites. Unfortunately using https://user:[email protected] doesn't work in our use cases, too.
Why not offering the option to add IP addresses in addition to adding users?
 
ChristianL. said:
It would be nice to have an option to allow specific IPs to bypass the basic auth.
This would be helpful not only for every, by basic auth, protected WordPress site because WordPress needs to connect to it self. In addition there are some external services that need to connect to the site and don't support password protected sites. Unfortunately using https://user:[email protected] doesn't work in our use cases, too.
Why not offering the option to add IP addresses in addition to adding users?
Click to expand...
You could configure your own password protected directory using the build in mechanisms of either apache or nginx. That would allow you whitelist any ip.

For example with .htaccess file:
Apache config: 
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/vhosts/example.com/.htpasswd
Require valid-user
Order deny,allow
Deny from all
Allow from 123.123.123.123
Satisfy any

Or with nginx (add to additional nginx directives of domain)
NGINX: 
location ~ ^/.* {
    satisfy any;

    allow 123.123.123.123;

    auth_basic "Restricted Area";
    auth_basic_user_file "/var/www/vhosts/example.com/.htpasswd";
}
 
Thanks @Kaspar this is a workaround that could do it's job.

But:
  1. this requires access to the Web-Server-Settings
  2. on nginx it does not match to `location /`. Instead a `location ~ ^/.*` is used to avoid duplicate locations, what could cause other problems (loosing settings of `location /`)
  3. you'll have to create and manage the .htpasswd file manually, what isn't that smooth as using the Plesk UI.
 
You must log in or register to reply here.

Similar threads

C
Question Scripting access to restricted directories through user email registration
Replies
1
Views
530
Martin Dias
Martin Dias
N
Question add IP Addresses to the Firewall module in bulk using import and export function?
Replies
4
Views
2K
nikketrikke
N
C
Question nginx reverse proxy and password protected directory
Replies
2
Views
661
Raul A.
R
S
Resolved Database access via browser and URL
Replies
2
Views
294
straddi
S
brother4
Question Why isn't xmlrpc.php monitored by the WordPress jail in Fail2Ban?
Replies
8
Views
1K
Maarten
M
Back
Top