All domains on our hosting can be scanned and their control panel accessed via port :8443. This needs to be locked down to just 1 domain which can be changed via the customised URL option.

We have an unhappy client finding their domain at port 8443 is open and has an invalid certificate. Unfortunately it's not feasible to explain to non-technical clients how DNS, TLS, browsers and web servers all work together to lead to this result, they just see a big red warning and want it gone.

This is important for panel security, avoiding a door being exposed on site. Panel needs to resolve only certain subdomain.

A bigger threat could possibly be, if Plesk update is hacked, and Plesk firewall is changed. I recommend using also the AWS firewall to block access to certain ports as 22, 8443,8447, to all IPs but certain fixed ones.

You may have port 8443 opened only to certain fixed IPs, done on the AWS hosting level which is not accessible via Plesk or server SSH access.

Major client - fortune 500 company - threatens to leave if we don't get this fixed. Open port 8443 makes their website not compliant security wise.

I don't want any domain with port 8443 accessible online, also those are not secure and are TLS 1 and 1.1

Some of our customers have raised their concerns over this. From the customer's perspective it might not be very harmful to have port 8443 accessible from their domain, but it is confusing when they can get an invalid certificate error on their domain. It's very tough to explain to them why it doesn't matter much.

This makes it important to us to be fixed. For now, we totally removed the ability to access from port 8443, which is NOT what we want, but for now the only way to work around these customer's concerns.

This is an important feature. Normally you get a SSL certiicate error when using one of the customers domains with port 8443, since the certiicate is only for the "standard" Plesk domain.

Very very important.

I've got more than 100 domains on a single VPS and I don't want Plesk to be "visible" from any random domain.

Very important.

Verry very very very important, Getting attacks every day...

To get around this for now I followed this tutorial - https://support.plesk.com/hc/en-us/articles/115001421414-How-to-redirect-from-the-domain-to-the-server-hostname-on-port-8443-

But I changed z-plesk.inc to include the following instead:

if ($host !~ 'your-hostname.com|127.0.0.1'){
return 404;
}

Now domain.com:8443 just 404s (after a security warning but this is preferable).

yes, totally agree, there must be an option to restrict access to plesk through 8443 on selected domains. Request Plesk team to look into this please, Thanks

This is a no-brainer.

There MUST be a way to close or open a port ( any port ) on a specific Domain without affecting the others.

This should be a High Priority.

The main thing here is not to restrict port 8443 at all.
The goal here that for example Plesk can be accessed only from https://example.com:8443 (where the example.com is the Plesk hostname) but via https://testdomain.tld:8443 the access to Plesk will not be possible or it should be redirected to https://example.com:8443

The solution from here is not suitable: https://docs.plesk.com/en-US/obsidian/deployment-guide/plesk-installation-and-upgrade-on-single-server/customizing-plesk-url.76455

For clarification please see the article below, especially "For the redirect from a domain name to hostname" section where workaround to this request can be found

https://support.plesk.com/hc/en-us/articles/115001421414

Good idea, port 8443 must be restricted to selected domains.
(I'm dont speak english)

yes, totally agree, there must be an option to restrict access to plesk through 8443 on selected domains. Request Plesk team to look into this please, Thanks

Good idea, port 8443 must be restricted to selected domains.