Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
134 results found
-
1 vote
-
Make Plesk Firewall add/change rules incrementally without restarting the whole service
Make Plesk Firewall add/change rules incrementally without restarting the whole service.
Now Plesk firewall reloads all rules in iptables when rules are changed in firewall (all rules are added anew). If there is a long list of blacklisted IPs or server is under a brute-force attack and there are a lot of IPs blocked by the Fail2Ban, adding/changing any rule via Plesk Firewall will cause server restart that is taking a lot of time due to a large number of blocked IPs.
1 voteThank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Enable IIS option "loadUserProfile:true" for dedicated application pools
In Windows Server IIS, it is recommended to set loadUserProfile:true for dedicated application pools. Doing so guarantees better application isolation and security for web applications created with ASP.NET, .NET Core or PHP.
You can find some basic information about this setting in this Stack Overflow answer: https://stackoverflow.com/a/17149834/1297898.
Official Microsoft documentation: https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities, https://docs.microsoft.com/en-us/iis/manage/configuring-security/ensure-security-isolation-for-web-sitesI will be pleased to provide any additional information you may require.
29 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add possibility issue Let's Encrypt SSL certificate for mail server when the "A" DNS record for domain is pointing to another server
This feature is required for users with the configuration when on the Plesk only mail server for domain is used.
"A" DNS record for mail.example.com is pointing to Plesk server, when when "A" record for example.com is pointing to another server.
158 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add a security mechanism when changing a user password
Add a security mechanism for resetting a user password in Plesk, for example verify the password change via email or add a field to submit the old password (implemented for Plesk admin user)
1 vote -
Prevent users to be able to remove files from file manager
Add the possibility to prevent/block any file or directory removal from within the File Manager in Plesk by the subscription/domain users.
An example that could be applied is the same as it can be applied already for ProFTP config files as follows:
<Directory /var/www/vhosts/*/.cagefs>
<Limit ALL>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/.cl.selector>
<Limit ALL>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/error_docs>
<Limit DELE>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/httpdocs>
<Limit RMD>
DenyAll
</Limit>
</Directory><Directory /var/www/vhosts/*/httpdocs/*>
<Limit RMD>
AllowAll
</Limit>
</Directory>8 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Apply SELinux policy for custom vhosts directory
Currently Plesk has predefined SELinux policies for default location of vhosts directory (/var/www/vhosts). If virtual hosts directory changed to custom one, it is needed to disable SELinux (set to permissive), for correct websites working capacity. It would be great to change transvhosts.pl script that policies for /var/www/vhosts will applies to custom vhost directory.
6 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
More advanced anti-ddos interface and settings
This (https://support.plesk.com/hc/en-us/articles/115000784914-What-DDoS-protection-tools-are-available-in-Plesk) recently updated article shows that we still need paid extensions to better protect our servers against ddos attacks.
It would be great if Plesk would create a more advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings to better protect our servers from ddos attacks without the need to install a third party extension with additional costs. Preferably created with "good defaults" in mind.
8 votesEffective DDoS solutions must be installed before the server, not on the server. Because once an attack is able to reach the server, it will block all network bandwith and create a high cpu load so that the server becomes unavailable for other tasks. No on-server DDoS protection can perform good enough to keep a server safe from that. Plesk already has on-server protection, such as Fail2Ban and the built-in firewall capabilities. Nevertheless, we'd love to hear what you are missing as an on-server protection.
The request asks for and "advanced anti-ddos monitoring tool with a useful interface, alerts, and the right amount of settings".
Could you please be specific about these points.
- What exactly makes an "advanced" tool for you?
- How do you imagine a "useful" interface?
- What "alerts" would you like to get?
- What are the "right amount of settings" for you?
Please let…
-
Disable old TLS protocols in Plesk for Windows
In Plesk for Linux, Plesk provides a functionality to select the SSL protocols available by running:
plesk bin server_pref -u -ssl-protocols "TLSv1.2"
Or meet with PCI compliance with the utility:
plesk sbin pcicomplianceresolver
Plesk for Windows doesn't provide such functionality, moreover, Plesk doesn't recommend to disable these protocols: https://support.plesk.com/hc/en-us/articles/115000360813
It'd be really helpful and safe that Plesk will provide officially the support of the same functionality for Windows, especially for companies that are requiring high-security standards.
13 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add "mail.example.com" (mail subdomain) in Subject Alternative Names when option "Assign the certificate to mail domain" is selected
Currently almost all mail clients (I used) need the server address to be in the Subject Alternative Names on the certificate, meaning if the configured address is "mail.example.com" instead of "example.com", that first subdomain is not present in the certificate, even when the option "Assign the certificate to mail domain" is selected when issuing the certificate.
9 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Disable "Show password" buttons
An option to disable "show password" buttons would be a nice addition to the security policy.
2 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Separate mozilla tls cipher settings for web and mail
Please separate the mozilla tls cipher settings for web and mail.
Sometimes the old ciphers has to set only for mail and not for web.
Additionally it would be great if the setting could available on domain basis.Please see this forum post as a reference: https://talk.plesk.com/threads/tls-versions-and-ciphers-by-mozilla-issue-with-the-last-synchronisation.358066/post-882924
7 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Created Scheduled Tasks (Cron jobs) via Plesk GUI should be registered in the action log
At the moment the created Scheduled Tasks (Cron jobs) via Plesk GUI are not registered in the action log.
Also, according to /var/log/messages and /var/log/cron it is not clear what task was created, the name of the task and it is also difficult to understand was the cron task created or not.
9 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
In banned IP of (Fail2Ban) add the name of subscription where the violating IP was found
In banned IP of (Fail2Ban) add the name of subscription have the infection
2 votesThank you for your feature request. We will consider the possibility of its implementation if it becomes sufficiently popular and in demand.
—
IG -
Require domain TXT record verification before adding domain to Plesk.
Require domain TXT record verification before adding domain to Plesk.
Plesk need to implement an option to require domains to be verified like for example Let's Encrypt with a TXT record with a key value, that Plesk can check on an admin specified interval like 5 mins perhaps, with a self-cleaning feature that removes un-verified domains after X days.
So as Plesk administrator you can activate the domain verification option on subscription level, that requires the customers to verify their domain, when using the function "add domain".
So "add domain" should have an initial state of "awaiting verification" before it…
3 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Block user access after failed attempts
It would be great to implement in Plesk a new feature.
When there are X failed attempts, in Plesk there should be the possibility to block automatically the access to the customer account (completely or for a certain period of time).
As per now, Plesk block the IP address via Fail2ban, but this is not the feature that we need. We just want to block the access completely or temporarily for the affected login.
5 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add Nginx Jails to Fail2Ban
Plesk has - praise be - increasingly better supported Nginx, now with the option to use only Nginx, which is great.
That being so, now we need the next logical step: The Fail2Ban Jails for Apache are available, but will have no effect, as Apache is not used at all any more. So we need some Jails for Nginx.
This is not exactly rocket science, there are plenty of examples to be found on the web, the Fail2Ban distribution has some, and here's an article on digitalocean:
https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04Search for: fail2ban nginx 404
E.g. https://nichteinschalten.de/apache-nginx-404-fail2ban-regex/
Note The 404 code is…20 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Allow to register all let's encrypt certificates with a freely configurable ACME ID
Customer has around 2000 domains and hitting the weekly limit for the new certificates. All domains have different ACME IDs
Customer reached Let's Encrypt support and they agreed to increase limits but require to provide "his own dedicated ACME ID". This feature is required to get such dedicated id.
This is useful when a lot of domains were migrated to another server and it is required to secure them quickly without reaching limits.
4 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Disable/Enable access to plesk web interface
I want stop plesk web interface without side effects for the services. I only mean the access as client in the browser. I'm thinking about disabling the web interface via the shell to avoid the many login attempts, to increase security and if you need the web interface yourself, you can temporarily enable it via the shell.
or
Here is already a feature "Restricting Administrative Access" per ip address. https://docs.plesk.com/en-US/obsidian/administrator-guide/plesk-administration/securing-plesk/restricting-administrative-access.59465/ Nice, but most of us have a dynamic ip address. So it would be nice if you could set the allowed IP(s) via the shell and delete old invalid IPs…
2 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
Enable OCSP stapling and HSTS for Plesk panel
OSCP stapling and HSTS can now be enabled for domains using SSL It! estension.
However these settings cannot be enabled while securing Plesk panel.
So it will be really appreciated if such functionality is included in future Plesk updates.27 votesThank you for your input! We will consider this functionality for the upcoming releases if it becomes popular enough.
Everyone, please continue voting for this feature if you consider it important.
—
IG
- Don't see your idea?