• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk Password Protected Directories - How Limit Login Attempts?

Angler

New Pleskian
Plesk 11.5.30 Update #47

When I look in a directory password protected by the Plesk Panel, I don't see an .htaccess file...

So, how does Plesk password protect directories?

And, is it possible to add functionality that would limit number of login attempts, and block an offending IP for a period of time?

Thank you in Advance!
 
As you can see in the "last.httpd.conf" - file ( or "last_ip_default.conf" - file ) at "/var/www/vhosts/system/YOURDOMAIN.COM/conf", Plesk uses the very same authentification as "normal" .htaccess - authentifications, just with the difference, that it is not named htaccess and the folder where the login - credential are saved, are not in the webroot - folder.
Code:
         <Directory "/var/www/vhosts/YOURDOMAIN.COM(/YOURSUBDOMAIN.COM)">
             AuthType Basic
             AuthName "YOUR_DESIRED_NAME_FOR_THE_LOGIN_SCREEN"
             AuthUserFile "/var/www/vhosts/system/YOURDOMAIN_OR_SUBDOMAIN.COM/pd/d..httpdocs"
             require valid-user
         </Directory>
Please be aware, that such authentifications do not work, if you use nginx to serve php - files as well ( at the moment ). In this case, you have to manually modify the "last.nginx.conf" with the necessary nginx definitions, because Parallels missed that untill now.

You could ban people with false login - attempts, using fail2ban. :)
 
Last edited by a moderator:
Back
Top