Question
How to allow access to a website directory from specific IP address in Plesk?
Answer
Using Plesk GUI
-
If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management and PHP handled by Apache in Domains > example.com > PHP Settings:
-
Open Domains > example.com > Apache & nginx Settings.
- Disable Serve static files directly by nginx.
-
Add the following in Additional directives for HTTP/S section, where 203.0.113.2 is the IP address from which access to a directory should be allowed.:
<Location "/exampledirectory">
Order Deny,Allow
Deny from all
Allow from 203.0.113.2
</Location>
-
If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management and PHP handled by nginx in Domains > example.com > PHP Settings, where 203.0.113.2 - IP address from which access to a directory should be allowed:
-
Open Domains > example.com > Apache & nginx Settings.
-
Add the following in Additional nginx directives section:
location / {
try_files $uri $uri/ /index.php;
}
location ^~ /exampledirectory {
allow 203.0.113.2;
deny all; location /exampledirectory/ {
index index.php; }
location ~ ^/~(.+?)(/.?.php)(/.)?$ { alias /var/www/vhosts/example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ .php(/.*)?$ {
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
}
-
If Reverse Proxy Server (nginx) is disabled in Tools & Settings > Services Management
-
Open Domains > example.com > Apache & nginx Settings, where 203.0.113.2 - IP address from which access to a directory should be allowed.
-
Add the following to Additional Apache directives section:
<Location "/exampledirectory">
Order Deny,Allow
Deny from all
Allow from 203.0.113.2
</Location>
Directly on the server
-
Connect to the server via SSH.
-
Find what version of Apache Web Server is installed on the server:
-
for CentOS/RHEL-based distributions:
# httpd -v | grep version
Server version: Apache/2.2.15 (Unix) -
for Debian/Ubuntu-based distributions:
# apache2 -v | grep version
Server version: Apache/2.4.18 (Ubuntu)
-
-
Check that
authz_host_moduleis installed and enabled:-
for CentOS/RHEL-based distributions:
# httpd -M | grep 'authz_host_module'
authz_host_module (shared) -
for Debian/Ubuntu-based distributions:
# apache2ctl -M | grep 'authz_host'
authz_host_module (shared)
-
-
Create
.htaccessfile in the directory where access should be restricted, for example/var/www/vhosts/example.com/httpdocs/exampledirectory/.htaccessusing a text editor and add the following content:-
For Apache Web Server version lower than 2.4:
Order Deny,Allow
Deny from all
Allow from 203.0.113.2
Allow from 203.0.113.3 -
For Apache Web Server 2.4 and greater:
<IfModule mod_authz_host.c>
<RequireAny>
Require ip 203.0.113.2
Require ip 203.0.113.3
</RequireAny>
</IfModule>
Note: make sure to add the correct IP address to the allow list. The actual IP address used to access the site from, can be seen at https://ifconfig.co/
-
with