Question Limit access to Contol Panel based on server IP address

Eightwire

New Pleskian
Server operating system version
CloudLinux 8.10
Plesk version and microupdate number
Plesk Obsidian 18.0.70 Update #2 Web Host Edition
I have a server with 2 IP addresses assigned to it. I use one for server managment and one for individual sites hosted on the server.

Currently both IP addresses will allow access to the Plesk CP

i.e. (IP addresses as examples only and do not reflect my actual IP addresses).

192.168.0.1 = IP1
192.168.0.2 = IP2

IP1 is set to dedicated and only assigned to my Plesk server as custom URL using a subdomain (subdomain.myurl.tld)

IP2 is set as shared and all subscriptions use this IP and present this to the world. DNS A records etc point here.

Plesk CP is accessbile on subdomain.myurl.tld or 192.168.0.1:8443 or 192.168.0.1:8443/login_up.php (as desired)

Plesk CP is also available on IP2...

192.168.0.2:8443 or 192.168.0.2:8443/login_up.php

and also any domain that uses that IP

ahostedsite.com:8443 or ahostedsite.com:8443/login_up.php

Is there a way that I can prevent IP2 and it's sites from resolving to Plesk's CP?
 
You can block access to port 8443 (the internal Plesk webspace control panel webserver) with an iptables rule, e.g.
# iptables -A INPUT -p tcp -s 192.168.0.2 --dport 8443 -j DROP
In this example, traffic directed to 192.168.0.2 and port 8443 will be blockd while traffic to 192.168.0.1 and port 8443 as well as traffic to 192.168.0.2 and ports other than 8443 will still be allowed.
 
Be aware that any custom iptables rule will be overwritten by the Plesk Firewall extension when updating any rules via the extension. To workaround this you can use the event manager in Plesk to setup a custom event that triggers a script to re-add the custom iptables rule. More info on this can be read on another post I made here.

Another method that might be easier is to configure is to bind Plesk to a specific IP address. This is described in the Plesk documentation here.
 
Last edited:
Be aware that any custom iptables rule will be overwritten by the Plesk Firewall extension when updating any rules via the extension. To workaround this you can use the event manager in Plesk to setup a custom event that triggers a script to re-add the custom iptables rule. More info on this can be read on another post I made here.

Another method that might be easier is to configure Plesk to bind to a specific IP address. This is described in the Plesk documentation here.

Thank you - binding the IP via config file looks like the most sensible answer in my context. I will test it out.
 
Back
Top