• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Protect Plesk panel with htpasswd and htaccess

A

AlessioF

Guest
Hello,
I'm trying to protect the access to the Plesk Panel with an htpasswd file, but I can't seem to make it work.
I've created a .htaccess file in /opt/psa/admin/htdocs directory (which is for me the panel directory) but anything I put in that htaccess file it's ignored. What am I doing wrong? Is there a way to do this from inside the Plesk panel or is my method the right one?
Thank you
 
Found a Solution...

Plesk 9+ is based on Lighttpd, so you have to add the following in

# Limit access to Admin
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/opt/psa/admin/htdocs/.htpasswd"
auth.require = ( "/" =>
(
"method" => "basic",
"realm" => "Rocket-Guyana",
"require" => "valid-user"
),
)

/etc/sw-cp-server/applications.d/plesk.socket.sh -> eg. after the fastcgi section

then add "mod_auth" to the first line in plesk.conf and restart the server /etc/init.d/sw-cp-server restart

Hope it helps. I post the solution for other ppl so they can apply the same.

--
Frank
 
What's the reason of doing this?

Plesk already has its own auth form. If you're a hoster you will start forcing customers to enter passwords twice. Or you don't give an access to the control panel to your customers?

If you want to prohibit the access to the panel for everybody excepting you, you can use Firewall module (or iptables directly). If you want to restrict an admin access, you can take a look at Tools & Settings -> IP access restriction management.
 
thinkt about it and you might find it an easy way to stuff a potential security risk (plesk control panel). This way it is relatively save from any sort of panel script attack. iptables is ip/protocol based, this user/pass is more suitable for a lot of people and a no go for automated script hacks etc.
 
I'm trying to understand how do you use the panel? Do you have clients or use it for personal purpose. If you have clients, do they enter passwords twice (first time due to htpasswd, second in Plesk auth form)? Looks like adding of htpasswd can be useful only if you use the panel only for personal purposes.
 
Big Thanks! Its working fine in 11.0.9, but after update to 11.5.30 this path not exist:
FrankSM said:
/etc/sw-cp-server/applications.d/plesk.socket.sh
Click to expand...

Is here a way to add htaccess for 11.5.30? :)

EDIT:
http://download1.parallels.com/Plesk/PP11/11.1/release-notes/parallels-plesk-panel-11.1-for-linux-based-os.html said:
Panel now uses nginx as the internal web server (used to host the Panel GUI) instead of lighttpd.
Click to expand...
 
Last edited:
You must log in or register to reply here.

Similar threads

C
Question Scripting access to restricted directories through user email registration
Replies
1
Views
237
Martin Dias
Martin Dias
N
Question Add basic auth to login_up.php
Replies
6
Views
9K
kpushkarev
K
Hangover2
Input Plesk Obsidian 18.0.59 - stable enough for live deployment?
Replies
6
Views
2K
Hangover2
Hangover2
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
728
NewGate
N
D
Issue Can't see the button for password protected directories
Replies
4
Views
814
Peter Debik
P
Back
Top