• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

What is apsc (listening on port 6308)?

Barungar

New Pleskian
Hello,

I've tried searching this forum for "apsc" and "port 6308". Sadly I can't find any conclusive information to my question.

So here's my question: What is apsc? I found an apsc.conf (in /etc/sw-cp-server/conf.d) the file contains the line "listen 6308 ssl;". So far that explains why sw-cp-server is listening on that particular tcp port.

Which service is provided by apsc? Can I change it to listen only to 127.0.0.1? I like my server to have a minimum of open ports to the public.

Thanks,
Barungar
 
apsc - application service controller. It is part of Plesk. On my test server I see:

# lsof -i tcp:6308
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sw-cp-ser 20809 root 7u IPv4 121005997 0t0 TCP *:6308 (LISTEN)
sw-cp-ser 20810 sw-cp-server 7u IPv4 121005997 0t0 TCP *:6308 (LISTEN)

It is correct behaviour.
Please do not touch apsc and this port. Consequences may be unpredictable.
 
Okay, so it is the "application service controller". Why does this tool need a listening port? See, I just want to understand why any tool/program opens a listening port on my server. It's nice to know that it is part of plesk and all seems to be right. But I'd like to know why this apsc needs a listenning port. Thanks.
 
Actually this port and corresponding vhost section in sw-cp-server config is a part of integration Plesk with other Parallels Automation solutions like PBAS, POA, etc. You can safely comment this vhost section in config and this port will not listen if you do not use mentioned integration.
 
Thanks, IgorG.

So I will change the line "listen 6308 ssl;" to "listen 127.0.0.1:6308 ssl;" in /etc/sw-cp-server/conf.d/apsc.conf
That should stop this service from listening to the public.

Barungar
 
How does one alter the software listening on that port to not accept SSLv3 so it doesn't cause PCI scan failures?
 
Actually this port and corresponding vhost section in sw-cp-server config is a part of integration Plesk with other Parallels Automation solutions like PBAS, POA, etc. You can safely comment this vhost section in config and this port will not listen if you do not use mentioned integration.

IgorG, would it be safe to assume that adding 127.0.0.1 to the "Source Address" in the firewall for port 6308, thus blocking the port from the public, should have no consequences?
I am controlling the iptables firewall in the Parallels Power Panel.
 
IgorG, would it be safe to assume that adding 127.0.0.1 to the "Source Address" in the firewall for port 6308, thus blocking the port from the public, should have no consequences?
I am controlling the iptables firewall in the Parallels Power Panel.
Yes, I think you can do it safely for Plesk, but I'm not sure about "Parallels Power Panel".
 
Back
Top