Question Limit access to Contol Panel based on server IP address

E

Eightwire

New Pleskian
Server operating system version
CloudLinux 8.10
Plesk version and microupdate number
Plesk Obsidian 18.0.70 Update #2 Web Host Edition
I have a server with 2 IP addresses assigned to it. I use one for server managment and one for individual sites hosted on the server.

Currently both IP addresses will allow access to the Plesk CP

i.e. (IP addresses as examples only and do not reflect my actual IP addresses).

192.168.0.1 = IP1
192.168.0.2 = IP2

IP1 is set to dedicated and only assigned to my Plesk server as custom URL using a subdomain (subdomain.myurl.tld)

IP2 is set as shared and all subscriptions use this IP and present this to the world. DNS A records etc point here.

Plesk CP is accessbile on subdomain.myurl.tld or 192.168.0.1:8443 or 192.168.0.1:8443/login_up.php (as desired)

Plesk CP is also available on IP2...

192.168.0.2:8443 or 192.168.0.2:8443/login_up.php

and also any domain that uses that IP

ahostedsite.com:8443 or ahostedsite.com:8443/login_up.php

Is there a way that I can prevent IP2 and it's sites from resolving to Plesk's CP?
 
You can block access to port 8443 (the internal Plesk webspace control panel webserver) with an iptables rule, e.g.
# iptables -A INPUT -p tcp -s 192.168.0.2 --dport 8443 -j DROP
In this example, traffic directed to 192.168.0.2 and port 8443 will be blockd while traffic to 192.168.0.1 and port 8443 as well as traffic to 192.168.0.2 and ports other than 8443 will still be allowed.
 
Be aware that any custom iptables rule will be overwritten by the Plesk Firewall extension when updating any rules via the extension. To workaround this you can use the event manager in Plesk to setup a custom event that triggers a script to re-add the custom iptables rule. More info on this can be read on another post I made here.

Another method that might be easier is to configure is to bind Plesk to a specific IP address. This is described in the Plesk documentation here.
 
Last edited:
Kaspar said:
Be aware that any custom iptables rule will be overwritten by the Plesk Firewall extension when updating any rules via the extension. To workaround this you can use the event manager in Plesk to setup a custom event that triggers a script to re-add the custom iptables rule. More info on this can be read on another post I made here.

Another method that might be easier is to configure Plesk to bind to a specific IP address. This is described in the Plesk documentation here.
Click to expand...

Thank you - binding the IP via config file looks like the most sensible answer in my context. I will test it out.
 
You must log in or register to reply here.

Similar threads

majdi draouil
Question Need Help Configuring Plesk Web Access on Server with Custom Ports - IP Accidentally Pointed to Domain
Replies
3
Views
1K
majdi draouil
majdi draouil
hardbrasil
Issue Add sencond IP into panel -> Lost access to Plesk
Replies
1
Views
694
Sebahat.hadzhi
Sebahat.hadzhi
I
Question Limit access by ip to Plesk
Replies
6
Views
1K
IDIDID
I
Z
Issue Major security inconsistency in Plesk admin access control logic
Replies
6
Views
845
Kaspar
K
C
Issue Failed to update the IP address" when repairing PHP-FPM configuration for all domains
Replies
3
Views
11K
whyisthissuchaBS
W
Back
Top