
Resolved Prevent showing panel on other domains

omexlu

Regular Pleskian
Hello,

How can I prevent the panel from being shown on domains on the server other than the panel hostname?

I don't want the panel to be accessible from other domains like:
- customer1.tld:8443
- customer2.tld:8443
- and so on...

Only from my hostname: panel.server.tld:8443 ?

Thanks
 
I think that this is not possible with a Plesk setting, because port 8443 is sorted out from traffic in general and processed by Plesk's own Nginx instance. So no matter by what domain name or IP address the server is contacted, traffic to 8443 will always be handled by the Plesk web server. As far as I know, it is also not possible to block traffic selectively through a firewall by a combination of target URL and port. You could check the extension catalogue. I think there is an extension that redirects requests to a certain domain to the host's domain, but that still does not keep traffic from port 8443 on other domains.
 
Hm, that's not good, because every smart "hacker" could check the domain to see if Plesk is installed on this server.
All my domains are behind the Cloudflare network; is it not possible to get the real IP of the server if the hacker found the Plesk panel login?

Thanks
 
Did you use ServerShield or Cloudflare with Full DNS?
With ServerShield, only www is routed through Cloudflare.
 
Hi omexlu,

Hm, that's not good, because every smart "hacker" could check the domain to see if Plesk is installed on this server.
Could you please EXPLAIN why this is "not good"?

All my domains are behind the Cloudflare network; is it not possible to get the real IP of the server if the hacker found the Plesk panel login?
It is certainly always possible to get the information about the server IP(s), and it is always possible to find out which domain uses which IP, even when you use Cloudflare or something similar ... and you don't have to be a "hacker" to get this information. ;)
 
Hi,

Thanks for your reply, but none of these are solutions for me. I don't want to be redirected to the panel URL (hostname) :D, this is more horrible because it then redirects to a URL (PANEL) that is not protected by Cloudflare.

Maybe change the port on Plesk to another one not supported by Cloudflare, so then it doesn't work? :)
 
Hi omexlu,

I really suggest to actually READ the mentioned Blog - article... just a small hint ( and therefore a quote from there ):
As many of you have already guessed it right, we can replace the $hostname variable with a definite address. Thus, we get rid of strict binding to the server hostname. Still, editing the configuration file is a very bad idea. Most likely, further Plesk updates will not install correctly, because the configuration file was changed. That’s why we are going to create a new file, where we simply redefine this instruction. We will create a /etc/sw-cp-server/conf.d/zzz-myhost.inc file with the following content:
Code:
error_page 497 https://panel.provider.com:$server_port$request_uri;
Then restart sw-cp-server
Code:
/etc/init.d/sw-cp-server restart
Thus, all users will be directed to https://panel.provider.com:8443 regardless of the server hostname.
;)


Maybe change the port on Plesk to another one not supported by Cloudflare, so then it doesn't work?
Feel free to experiment with whatever you would like to... it's YOUR server. :p
 
Hi,

Thanks for your reply. As I understand this blog, if I create that conf file and restart the service, the panel is only accessible through the configured URL? (I'm bad at English) lol

Or does https://customer.tld:8443 still work and only redirect to panelUrl:8443? Because that is what I don't want :D
 
Hi omexlu,

Or does https://customer.tld:8443 still work and only redirect to panelUrl:8443? Because that is what I don't want
Sorry, as already mentioned by @Peter Debik:
So no matter by what domain name or IP address the server is contacted, traffic to 8443 will always be handled by the Plesk web server.
The redirect doesn't deny access to your domain(s)/IP(s) over port 8443, but will instantly redirect to your configured URL.
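
To check on your own server which hostnames still reach the panel web server on port 8443, and whether they are answered directly or redirected to the panel hostname, the following audit script can be used. It is an added example, not part of the original posts or of Plesk; `PANEL_HOST`, `ORIGIN_IP`, the function names and the sample hostnames are assumptions. It probes both `https` and plain `http` on the port because nginx uses status 497 for a plain-HTTP request that arrives on a TLS port.

```bash
#!/usr/bin/env bash
# Added example: which hostnames still reach the Plesk panel web server on 8443?
# PANEL_HOST / PANEL_PORT / ORIGIN_IP are assumptions; set them for your server.
PANEL_HOST="${PANEL_HOST:-panel.server.tld}"
PANEL_PORT="${PANEL_PORT:-8443}"

# classify_response HOST   (raw response headers on stdin)
#   closed    - no response at all
#   canonical - HOST is the panel hostname itself
#   redirect  - 3xx whose Location is the canonical panel URL
#   exposed   - anything else: the panel web server answered under HOST
classify_response() {
    host=$1
    base="https://$PANEL_HOST:$PANEL_PORT"
    headers=$(tr -d '\r')
    if [ -z "$headers" ]; then echo closed; return 0; fi
    if [ "$host" = "$PANEL_HOST" ]; then echo canonical; return 0; fi
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')
    case "$status" in
        3??)
            case "$location" in
                "$base"|"$base/"*) echo redirect ;;
                *) echo exposed ;;   # relative or foreign redirect target
            esac ;;
        *) echo exposed ;;
    esac
}

# probe SCHEME HOST: fetch headers only. -k because the panel certificate will
# not match customer hostnames. If ORIGIN_IP is set, bypass DNS (and any CDN).
probe() {
    if [ -n "${ORIGIN_IP:-}" ]; then
        curl -skI --max-time 5 --resolve "$2:$PANEL_PORT:$ORIGIN_IP" \
            "$1://$2:$PANEL_PORT/"
    else
        curl -skI --max-time 5 "$1://$2:$PANEL_PORT/"
    fi | classify_response "$2"
}

# Usage: ./panel-audit.sh customer1.tld customer2.tld panel.server.tld
for h in "$@"; do
    for scheme in https http; do
        printf '%-34s %s\n' "$scheme://$h:$PANEL_PORT" "$(probe "$scheme" "$h")"
    done
done
```

A result of `redirect` or `exposed` for a customer hostname both mean the port is still answered by the panel web server under that name; only `closed` means it is not reachable.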
 
OK thanks, so what I want to do doesn't work :/
Maybe it's better to change the Plesk port here to another, not well-known port (and maybe one not supported by CF).

Are there any problems if I change the ports?
 
Hi omexlu,

Maybe it's better to change the Plesk port here to another, not well-known port (and maybe one not supported by CF).
Sorry, but this is a total waste of time. You might "feel" more secure by using a different port for Plesk, but it will not secure your server in any way. The opposite is the case: "script kiddies", bot owners and "wannabe hackers" will scan for open ports on your server more often, and not only in the common port range but across the whole port range as well, in order to find out which open ports are in use. This is rather an invitation for all these kids to "play" some more with you and to drive more bots and scripts onto your server. ;)
 
Hi omexlu,


sorry, but this is a total waste of time. You might "feel" more secure, by using a different port for Plesk, but it will not at all secure your server in any way. The opposite is the case: "Script-Kiddies", bot-owners and "wannabe hackers" will scan for open ports on your server more often and not only with the common port range, but as well for the whole port range, in order to get to know the used open ports. This is rather an invitation for all these kids, to "play" some more with you and to drive more bots and scripts onto your server. ;)

But this is not possible because Cloudflare only supports a few ports, so they can scan as long as they want if Plesk has a port from Cloudflare's non-supported list.

The reason is:
All my websites (private ones) are behind CF, and now I don't want anybody to be able to access the panel (the panel / a different domain is not behind CF).
 