• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Prevent showing panel on other domains

O

omexlu

Regular Pleskian
Hello,

How can i prevent that the panel is shown on other domains on the server as the panel hostname?

I don't want that the panel is accessible from other domains like:
- customer1.tdl:8443
- customer2.tdl:8443
- and so on...

Only from my hostname: panel.server.tld:8443 ?

Thanks
 
I think that this is not possible with a Plesk setting, because port 8443 is sorted out from traffic in general and processed by Plesk's own Nginx instance. So no matter by what domain name or IP address the server is contacted, traffic to 8443 will always be handled by the Plesk web server. As far as I know, it is also not possible to block traffic selectively through a firewall by a combination of target URL and port. You could check the extension catalogue. I think there is an extension that redirects requests to a certain domain to the host's domain, but that still does not keep traffic from port 8443 on other domains.
 
Hm thats not good, because every smart "hacker" could check the domain if plesk is installed on this server.
All my domains are behind cloudflare network, its not possible to get the real ip of the server if the hacker found the plesk panel login?

Thanks
 
Did you use Servershield oder Cloudflare with FullDNS?
Over Servershield is only www routed over Cloudflare.
 
Hi omexlu,

omexlu said:
Hm thats not good, because every smart "hacker" could check the domain if plesk is installed on this server.
Click to expand...
Could you pls. EXPLAIN, why this is "not good" ?

omexlu said:
All my domains are behind cloudflare network, its not possible to get the real ip of the server if the hacker found the plesk panel login?
Click to expand...
It is certainly always possible to get to the information of the server ip(s) and it is always possible to get the informations, which domain uses which IP, even when you use Cloudflare, or something similar ... and you don't have to be a "hacker", to get these informations. ;)
 
Hi,

Thanks for you reply, but this are all not solutions for me. I don't want redirected to panel URL (hostname) :D, this is more horrible because it redirects then to a not protected URL (PANEL) by Cloudflare.

Maybe change the port on plesk to another not supported by cloudflare then i don't works? :)
 
Hi omexlu,

I really suggest to actually READ the mentioned Blog - article... just a small hint ( and therefore a quote from there ):
As many of you have already guessed it right, we can replace the $hostname variable with a definite address. Thus, we get rid of strict binding to the server hostname. Still, editing the configuration file is a very bad idea. Most likely, further Plesk updates will not install correctly, because the configuration file was changed. That’s why we are going to create a new file, where we simply redefine this instruction. We will create a /etc/sw-cp-server/conf.d/zzz-myhost.inc file with the following content:
Code: 
error_page 497 https://panel.provider.com:$server_port$request_uri;
Then restart sw-cp-server
Code: 
/etc/init.d/sw-cp-server restart
Thus, all users will be directed to https://panel.provider.com:8443 regardless of the server hostname.
Click to expand...
;)


omexlu said:
Maybe change the port on plesk to another not supported by cloudflare then i don't works?
Click to expand...
Feel free to experiment with what ever you would like to... it's YOUR server. :p
 
Hi,

Thanks for you reply. As i understand this blog, if i create that conf file and restart the service, the panel is only accessible trought the configured URL? (i'm bad in english) lol

Or https://customer.tld:8443 still works and only redirect to panelUrl:8443 ? Because that is what i don't want :D
 
Hi omexlu,

omexlu said:
Or https://customer.tld:8443 still works and only redirect to panelUrl:8443 ? Because that is what i don't want
Click to expand...
Sorry, as already mentioned by @Peter Debik:
Peter Debik said:
So no matter by what domain name or IP address the server is contacted, traffic to 8443 will always be handled by the Plesk web server.
Click to expand...
The redirect doesn't deny access to your domain(s)/IP(s) over port 8443, but will instantly redirect to your configured URL.
 
Ok thanks, so it don't work what i want to do :/
Maybe its better to change here the port from Plesk to another not known port (and maybe some not supported by CF).

Are there any problems if i change the ports?
 
Hi omexlu,

omexlu said:
Maybe its better to change here the port from Plesk to another not known port (and maybe some not supported by CF).
Click to expand...
sorry, but this is a total waste of time. You might "feel" more secure, by using a different port for Plesk, but it will not at all secure your server in any way. The opposite is the case: "Script-Kiddies", bot-owners and "wannabe hackers" will scan for open ports on your server more often and not only with the common port range, but as well for the whole port range, in order to get to know the used open ports. This is rather an invitation for all these kids, to "play" some more with you and to drive more bots and scripts onto your server. ;)
 
UFHH01 said:
Hi omexlu,


sorry, but this is a total waste of time. You might "feel" more secure, by using a different port for Plesk, but it will not at all secure your server in any way. The opposite is the case: "Script-Kiddies", bot-owners and "wannabe hackers" will scan for open ports on your server more often and not only with the common port range, but as well for the whole port range, in order to get to know the used open ports. This is rather an invitation for all these kids, to "play" some more with you and to drive more bots and scripts onto your server. ;)
Click to expand...

But this is not possible because cloudflare only support few ports, so they can scan how long they want if plesk has a port from cloudflare non-supported list.

The reason is:
All my website (privates) are behind CF and now i don't want that somebody can join the panel (the panel / different domain) is not behind CF.
 
You must log in or register to reply here.

Similar threads

nornagest
Question How to secure different access domains for Plesk
Replies
2
Views
977
Peter Debik
P
Rendor9
Resolved I can't renew my plesk onyx interface SSL certificate.
Replies
4
Views
1K
Rendor9
Rendor9
B
Resolved Shared hosting with multiple domains SSL/TLS issues
2
Replies
20
Views
2K
bork
B
K
Forwarded to devs Custom mailservers (clientConfig) defined in Panel.ini not shown/used
Replies
2
Views
418
Peter Debik
P
kaw.one
Question (VPS) Cloudflare, Gmail and Other Plesk Panel 8443 (2 minutes - slow read)
Replies
1
Views
595
kaw.one
kaw.one
Back
Top