Question Limit access by ip to Plesk

[IDIDID]

Server operating system version

Debian 11.11

Plesk version and microupdate number

Plesk Obsidian 18.0.65

Hello,

I have limited access to some ports through a previous firewall. Can I limit ports 8443, 8447 and 443 to my office IP without affecting other services?

I want the Plesk web interface to be accessible only from my office. Should I add the IP of my Plesk server to ports 8447 and 443 to allow updates and license renewal?

These are my only open ips:

x.x.x.x (my office ip)	TCP	22	SSH
x.x.x.x (my office ip)	TCP	21	FTP
x.x.x.x (my office ip)	TCP	49152 - 65535	FPTS
All ips	TCP	80	WEB
All ips	TCP	443	License
All ips	TCP	8443	Plesk
All ips	TCP	8447	Plesk Updates

PD.: On the Plesk server I do not use DNS server or email server (They are external). Mysql local access only.

Thanks

 

[Raul A.]

Go to Tools & Settings > Firewall.

Click on the Plesk administrative interface rule and set it to be allowed from specific IP addresses.
Do the same for the Plesk installer rule.

Last step, apply the change.

These are only INPUT rules. Plesk updates are not affected.

 

[Martin Dias]

443 is the web/https port, so if u block that you also block all the websites from being reachable
Over Tools & Settings > IP Access Restriction Management, you can set what IPs are allowed to login as admins to the panel

 

[IDIDID]

Thank you very much for your responses. In my office I have dynamic IP. If I limit access and my IP changes, I would not be able to access Plesk. I use a hardware firewall before Plesk to manage access. In addition, it also protects me from possible security holes in the Software.

But if port 443 always has to be open, there is always a possibility to access the Plesk panel, right?

If I limit access to Plesk using "Tools & Settings > IP Access Restriction Management" and my IP changes, can I modify these settings using ssh or another way?

Thanks!

 

[IDIDID]

I have verified that if I configure the Plesk access url with server IP address or hostname with the specified port 8443, I can no longer access Plesk with :443. You would only need to filter port 8443, right?

 

[Sebahat.hadzhi]

Hello, @IDIDID. Assuming that the IP addresses you are assigned with are from the same range, you can add the whole range. If that's not an option for you, and you prefer to only add specific IP address(es) and you get locked out, you can adjust the allowed IP addresses/completely disable Restricted mode via the command line following this guide. Lastly, you can disable access via port 443 and use only 8443 for Plesk, run the following command:

plesk bin admin --disable-access-domain

 

[IDIDID]

Finally I have configured the Hardware Firewall like this:

x.x.x.x (my office ip)	TCP	22	SSH
x.x.x.x (my office ip)	TCP	21	FTP
x.x.x.x (my office ip)	TCP	49152 - 65535	FPTS
All ips	TCP	80	WEB
All ips	TCP	443	License
x.x.x.x (my office ip)	TCP	8443	Plesk
All ips	TCP	8447	Plesk Updates

And I have set the plesk access url as only IP or server host:8443 in "Over Tools & Settings > IP Access Restriction Management".

At the moment everything seems to be working fine and ip-server:8443 can only be accessed from my office ip. (ip-server:443 is disabled too)