Browse by Category

360 Monitoring
0
AccelerateWP
12
Account & Billing
86
Backups
25
Cloudflare FAQs
19
CodeGuard Backup
0
cPanel
121
cPanel Databases
10
cPanel File Manager
36
cPanel Git
0
cPanel Resellers
11
Domain & DNS
111
Drupal
1
Email Hosting
86
FAQs
5
Joomla
2
Koality
0
Linux Administration
105
Plesk
95
Reseller Hosting
40
SEO Optimization
2
Sitejet
0
SiteLock
11
SitePad
1
Softaculous
45
SolusVM
0
Spam Experts
20
SSL/TLS
1
Web Apps
1
Web Hosting Addons
3
Website Security
62
Webuzo
0
Weebly Builder
6
WHMCS
35
WordPress
87
WP Squared
26
XOVI SEO
5

  Browse by Category

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting cPanel Redirects .htaccess configuration

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

Restrict Remote Access via Plesk API for Enhanced Security Print

  • Plesk, Security, Security Enhancement, Secure Website Traffic
  • 0

Restrict Remote Access via Plesk API for Enhanced Security

Disclaimer: Always test these steps in a safe environment before applying them to your production server. Make sure to consult the latest documentation for any updates.

Plesk is a versatile web hosting platform that simplifies the management of websites, applications, and servers. It provides a user-friendly interface for tasks like domain management, database administration, and security settings. One powerful feature of Plesk is its API, which allows you to interact programmatically with your Plesk installation.

What is the Plesk API?

The Plesk API is an interface that enables you to perform various operations remotely. This includes creating customer accounts, managing subscriptions, and automating other administrative tasks. However, like any powerful tool, it can be exploited if not properly secured.

Why Restrict Remote Access?

Allowing unrestricted access to the Plesk API can expose your server to potential attacks. Restricting access to trusted IP addresses helps safeguard your server from unauthorized access and malicious activities.

Prerequisites

  • Administrative access to your Plesk panel.
  • Basic understanding of how to edit configuration files.

Steps to Restrict Access via Plesk API

    1. Log into Your Plesk Panel.
    2. Locate the panel.ini File. This file is typically found in the Plesk installation directory. You can access it via SSH:
sudo nano /etc/psa/psa.conf
    1. Edit the panel.ini File. You will need to add specific entries to restrict API access:
    2. To Prohibit All Connections via Plesk API, add the following lines:
[api]
enabled = off
    1. To Allow Connections Only from Specific IP Addresses, use the following format:
[api]
allowedIPs = IP_addresses

Replace IP_addresses with the trusted IP addresses separated by commas or whitespace. Here are valid examples:

[api]
allowedIPs = 10.58.108.100,192.168.150.1
[api]
allowedIPs = 10.58.108.100 192.168.150.1
    1. Save Your Changes. If you are using nano, press CTRL + X, then Y to confirm, and ENTER to exit.
    2. Restart Plesk Services to apply the changes:
sudo service psa restart

Gotchas to Avoid

  • Ensure you do not add whitespace before or after the commas separating multiple allowed IP addresses.
  • Double-check your IP addresses to avoid locking yourself out of the API.
  • Regularly review and update your allowed IP list as necessary to maintain security.

Conclusion

By following these steps, you can effectively restrict remote access to your Plesk API, enhancing the security of your server. This proactive approach helps protect against unauthorized access and potential attacks.

Did this answer help?

Related Articles

How To Add Public SSH Key To Your WebHostingM cPanel For SSH Access Take website security to the next level! This comprehensive guide explores generating SSH keys... How To Banish Unwanted Visitors From Accessing Your Site In cPanel Learn how to block IP addresses from accessing your website using cPanel's IP Blocker interface.... How To Change An Email Account Password In WebHostingM cPanel Learn how to change your email account password in cPanel to enhance email security and protect... How To Create A cPanel Sub-Account For Your Website Developer Learn how to create and manage sub-accounts for your website developers using cPanel's Manage... How To Deal With cPanel Terminal Error: The WebSocket Handshake Failed Learn how to resolve the "WebSocket handshake failed" error in your cPanel Terminal interface....
« Back

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting cPanel Redirects .htaccess configuration

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

Trusted by over 35,000 customers in over 200 countries