• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Password protection breaks static files access (404 error)

We disabled automatic updates of Plesk and the extensions a long time ago because of these issues. We're always a full release behind before we start a manual update. Knowing that a new release is published every 4 or 5 weeks on a Tuesday, we start the update a few days before that.

IMHO, Plesk should bring back the old update and upgrade settings, so we have a choice in this automatic update policy, and it would lessen the burden on the Plesk Support team:
- Early adaptor release
- (Recommended) General release
- Late adaptor release

docs.plesk.com

Plesk Updates

Updates are fixes that enhance Plesk security and stability. Some updates are mandatory and are applied automaticall...
docs.plesk.com docs.plesk.com
 
We also have this issue and got round it by disabling the Plesk password protection temporarily. As we're new to the forum, how can we track when the bug is fixed?
 
I've only just encountered this issue on my site with password protection enabled on / even though my dashboard says "Version 18.0.51 Update #1, last updated on April 6, 2023 03:35 AM"

Instead, in my situation it coincided with the website's domain Let's Encrypt certificate renewal that happened overnight - otherwise I was blissfully unaware of this issue on the website I use daily until today.

Peter Debik said:
@Hangover2 Regarding the Nginx symptoms it sounds like a known issue with OCSP stapling. I suggest to change the nameservers in /etc/resolv.conf and test again. There is a known issue when OCSP stapling is used and nameserver resolution to the Let's Encrypt servers is slow, because for every web configuration entry Nginx will try to resolv that address and connect. If it takes too long it will run into a timeout. This issue is caused by nameserver resolution specificially for the r3.o.lencr.org server(s) and it has been seen with various public resolvers. It is unclear why public resolvers sometimes have this issue.
Click to expand...

I tried just disabling OCSP stapling but it had no effect.

Monty said:
Workaround: Disable "Smart static files processing" or enable "Serve static files directly by nginx" (caution: mod_rewrite rules will not be applied)
Click to expand...

Temporarily disabling Smart static files processing worked for me, thanks @Monty

There's now a support article here too https://support.plesk.com/hc/en-us/...irectory-are-inaccessible-ERROR-404-not-found

Peter Debik said:
You'll find PPPM-13942 mentioned in Change Log for Plesk Obsidian
Click to expand...

Nope, not yet. Nothing for PPPM-13942 using Ctrl+F in my browser. I guess it will be mentioned once the 18.0.52 update appears on that page.
 
That's what it meant. The fix is planned for 18.0.52 and the PPPM-13942 will then probably be mentioned in the change log.
 
Fixed in Plesk Obsidian 18.0.52, published April 25th, 2023: It is now possible to access files in password-protected directories when “Smart static files processing” and “Proxy mode” are enabled in the “Apache & nginx” settings.
 
I would like to add that Plesk staff is grateful for the discussion here on updates, some not updating and their reasons etc. Actually, the statistics on issues that Plesk continuously does, showed that by January and February 2023 Plesk had the lowest number of open issues ever. However, we do acknowledge that not only the number of issues can be critical, but also the type and impact. Internal changes and improvements are on the way for more and better pre-publishing tests and new strategies to improve the quality of delivered updates.

Thank you again for discussing this important matter. Please continue to contribute with your thoughts and ideas. They are valued and your opinion is seen.
 
Last edited:
Peter Debik said:
Fixed in Plesk Obsidian 18.0.52, published April 25th, 2023: It is now possible to access files in password-protected directories when “Smart static files processing” and “Proxy mode” are enabled in the “Apache & nginx” settings.
Click to expand...
Hi, I'm running Version 18.0.52 Update #2 but am still experiencing issues i could best describe by the things mentioned in this topic.

Is there anything i need to do to make it work after it is updated?
 
a reply from plesk support with the solution to the issue i experienced. to add to this topic as it might be interesting for more people.

The released fix implies that default domain template (nginxDomainVirtualHost.php) changed:

location /internal-nginx-static-location/
vs.

location ^~ /internal-nginx-static-location/

However, the fix does not perform changes in existing /var/www/vhosts/system/example.com/conf/nginx.conf file. To apply the fix for domains with 'old' configuration, it is enough to reconfigure domain using command 'plesk repair web example.com'
Click to expand...
 
You must log in or register to reply here.

Similar threads

Hangover2
Resolved Smart static files processing is only working for lowercase file extensions
Replies
8
Views
543
ChristophRo
ChristophRo
V
500 Internal Server Error after disabling password protection - WP Toolkit
Replies
1
Views
577
Peter Debik
P
P
Question 404, WordPress static page with NGINX
Replies
8
Views
3K
Paulo_o
P
becker.enterprises
Issue nginx proxypass not working for static files
Replies
2
Views
915
becker.enterprises
becker.enterprises
T
Resolved Random 404 or Web Server's Default Page - on sub domain
Replies
14
Views
2K
Peter Debik
P
Back
Top