Protect plesk panel 11.5 with htaccess(auth basic)

[Azurel]

Before 11.5.x you can use this way:
http://forum.parallels.com/showthre...d-and-htaccess&p=621603&viewfull=1#post621603

With 11.5 this not working, because plesk now use nginx and not lighttpd. Where I can find nginx config and what I must add for protect plesk gui? Thanks.

 

[abdi]

what I must add for protect plesk gui? Thanks.

What are your objectives? Or rather what kind of protection would you like to offer Plesk?

 

[abdi]

Where I can find nginx config

/usr/local/psa/admin/

NB: Do not meddle with plesk system files (this could break your plesk or even changes be overwritten on the next upgrade), unless you are sure you know what you are doing

 

[Azurel]

I'm the only one with access to plesk 11.5.x on my server. For me this gives a feeling of much more security.

A todo to protect plesk with htaccess auth would be great!

 

[abdi]

.htaccess isnt so secure as you may think, it can too be broken ..

However, sure way would be to use the firewall module to BLOCK all access to port 8443 except for the networks you define (your own networks). The danger of this is you could easily lock your self out ..

But if you have SSH access to your server I would recommend installing CSF to do the limitations on ports and extra firewall / restrictions features that ship with it ..If you need professional support installing and configuring it, see by signature

 

[Azurel]

I have a new IP every 24h. I prefer a simple auth(login) directly in plesk nginx config setting, like here http://forum.parallels.com/showthre...d-and-htaccess&p=621603&viewfull=1#post621603 with lighty.

Can anybody help with this?

 

[abdi]

In that case go to

/usr/local/psa/admin/htdocs

And password protect it ...

More here ...
http://help.1and1.com/hosting-c3763...-protect-your-filesfolders-linux-a777001.html

 

[Azurel]

Thanks, but my last info is:

Panel now uses nginx as the internal web server (used to host the Panel GUI) instead of lighttpd.

So I think .htaccess have nothing to do with this. A htaccess file is (only in my eyes) a bad practice. nginx not support this for performance reason, all setting must store in config file. I have disable htaccess in my vhosts.conf and set all in my vhost.conf of each domain.

 

[Azurel]

Can anybody help here to protect plesk gui with a basic auth?

Where is the config file for plesk intern nginx server?


This is not working, I have test it.

In that case go to

/usr/local/psa/admin/htdocs

And password protect it ...

 

[MisterU]

Azurel,

You can try to use next steps to get expected result:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -c /etc/sw-cp-server/conf.d/passwd admin

# Set correct permissions:
chown sw-cp-serversaadm /etc/sw-cp-server/conf.d/passwd
chmod 640 /etc/sw-cp-server/conf.d/passwd

# Restart panel web server
/etc/init.d/sw-cp-server restart

Don't shy to ask if you need more info!

 

[Azurel]

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -c /etc/sw-cp-server/conf.d/passwd admin

# Set correct permissions:
chown sw-cp-serversaadm /etc/sw-cp-server/conf.d/passwd
chmod 640 /etc/sw-cp-server/conf.d/passwd

# Restart panel web server
/etc/init.d/sw-cp-server restart

This working perfectly! Thank you so much. raise:

I changed creating password to

htpasswd -cm /etc/sw-cp-server/conf.d/passwd [I]username[/I]

added parameter -m for "-m Force MD5 encryption of the password.". Default (here with me) is Crypt and not MD5. Crypt is very old and only use first 8 chars of your password. I want a very long password.

Thanks!

 

[stevang]

does this solution stay active with future updates?

Azurel,

You can try to use next steps to get expected result:

# Create /etc/sw-cp-server/conf.d/protect-plesk.inc with content:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/sw-cp-server/conf.d/passwd;
}

# Generate passwd file
htpasswd -c /etc/sw-cp-server/conf.d/passwd admin

# Set correct permissions:
chown sw-cp-serversaadm /etc/sw-cp-server/conf.d/passwd
chmod 640 /etc/sw-cp-server/conf.d/passwd

# Restart panel web server
/etc/init.d/sw-cp-server restart

Don't shy to ask if you need more info!

 

[abdi]

It should stay with just minor updates...(even with major updates as long as they don't change the folder structure)

 

[stevang]

will this be added as a feature into plesk? i would like that.

It should stay with just minor updates...(even with major updates as long as they don't change the folder structure)

 

[abdi]

If you like it added, then create a feature request here:

http://plesk.uservoice.com/forums/184549-feature-suggestions