Plesk Password Protected Directories - How Limit Login Attempts?

[Angler]

Plesk 11.5.30 Update #47

When I look in a directory password protected by the Plesk Panel, I don't see an .htaccess file...

So, how does Plesk password protect directories?

And, is it possible to add functionality that would limit number of login attempts, and block an offending IP for a period of time?

Thank you in Advance!

 

[UFHH01]

As you can see in the "last.httpd.conf" - file ( or "last_ip_default.conf" - file ) at "/var/www/vhosts/system/YOURDOMAIN.COM/conf", Plesk uses the very same authentification as "normal" .htaccess - authentifications, just with the difference, that it is not named htaccess and the folder where the login - credential are saved, are not in the webroot - folder.

         <Directory "/var/www/vhosts/YOURDOMAIN.COM(/YOURSUBDOMAIN.COM)">
             AuthType Basic
             AuthName "YOUR_DESIRED_NAME_FOR_THE_LOGIN_SCREEN"
             AuthUserFile "/var/www/vhosts/system/YOURDOMAIN_OR_SUBDOMAIN.COM/pd/d..httpdocs"
             require valid-user
         </Directory>

Please be aware, that such authentifications do not work, if you use nginx to serve php - files as well ( at the moment ). In this case, you have to manually modify the "last.nginx.conf" with the necessary nginx definitions, because Parallels missed that untill now.

You could ban people with false login - attempts, using fail2ban.

 

[Angler]

Excellent explanation - thank you!

I will look into fail2ban.