Limiting access to Plesk panel by specifying the allowed dst addresses
It is required to control the accessibility of the Plesk panel by having an option to permit access only by the specified server's IP's. For example:
Let's say there are 172.16.1.10 & 172.16.1.11 IPs on the server both assigned with a domain name panel.example.com.
Option "Specified domain" is set in Tools&Settings > Customize Plesk URL.
Any other IP address on that should NOT serve the login procedure.
However, when this server has a full subnet 172.16.1.32/27 added as the secondary IP addresses, it is possible to open any of them via the Web Browser, afterward press "Log in to Plesk" and you'll get redirected to
https://172.16.1.*/login_up.php?* and will end up facing a Plesk Login page on that IP which is something that should NOT happen.
Thus, there has to be an option to make all IPs from the 172.16.1.32/27 network pool to stop serving as authorization ways.
To let the Plesk login react only on a single IP address or a defined address range is a valid request. We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
-- PD
-
Anonymous commented
This suggestion stems from a requirement we reported that support were unable to fulfill.
We don't want to blacklist by source. We want to restrict control panel service to a single public IP address.
We have a multi-IP server and we want the management interface on only one of those IPs. Without manually reconfiguring the Nginx proxy config file to comment out all but the home IP the default vhost on port 443 of ALL public-facing IPs proxies through Nginx to the panel service, irrespective of any other settings.
Imagine we have the range 1.2.3.160 - 1.2.3.169
We only want Plesk control panel to appear on 1.2.3.160:443, and for the default server on the remaining IPs to be unserved. Without the manual intervention described above, they also present the control panel login.