Feature Suggestions
Please provide here your suggestion for new functionality for Plesk. We encourage you to review and vote for suggestions of others. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Please write in English so that voters from all over the world can read and support your request.
Off-topic posts will be removed from here
121 results found
-
Naxsi - web application firewall for Nginx
Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx
41 votesThank you for your input. We will review this nginx module to see if we should support it out of the box
-
SAML integration
For setups with a large amount of plesk servers it would be very nice to be able to be able use a SAML integration to handle the user authentication.
33 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Integration with firewall service on the blocked addresses. https://www.abuseipdb.com/api.html
Allowing you to see information from other participants and automatically deny access to all new locations as they are very much in a day.
AbuseIPDB
making the internet safer, one IP at a time31 votesWe will consider this functionality in upcoming releases if it will be popular. However, in part of integration with 3rd party, probably it will be faster if you create Plesk extension. Please refer to https://docs.plesk.com/en-US/17.0/extensions-guide/what-are-plesk-extensions%3F.76331/ to know how.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Hotlink protection for Linux
A feature to help you configure the hotlink protection with nginx and apache
29 votes -
Implement a support module for Duo Security 2FA
Plesk has support for Google Authenticator and Clef, could an Extension/Module be written to support the authentication through Duo Security?
26 votes -
Make more Jails for Fail2Ban e.g. mysql error log
see header
please make plesk saver with more helpful Jails for fail2ban
mysql error log
typo3 login fails
joomla login fails
shopware
email
ftp
webmailan any more
24 votes -
Implement Dropbox's (zxcvbn) password strength library
Please consider implementing Dropbox's password strength library in future versions of plesk. https://github.com/dropbox/zxcvbn
Right now (Plesk Onyx Version 17.8.11) very secure passwords such as applaud-bisque-batch-forefoot won't even pass the "medium" filter, and very bad passwords such as Pa$$word123 are marked "Strong".
Brute force cracking continues to get more sophisticated and the current strength ratings are misleading.
23 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Port Scan protection, PortSentry / PSAD
Plesk has fail2ban but seems to have no port scan protection, Something like PSAD or Portsentry would be good to be included to allow blocking and reporting on portscans making plesk more secure for everyone.
22 votes -
Enable OCSP stapling and HSTS for Plesk panel
OSCP stapling and HSTS can now be enabled for domains using SSL It! estension.
However these settings cannot be enabled while securing Plesk panel.
So it will be really appreciated if such functionality is included in future Plesk updates.21 votesThank you for your input! We will consider this functionality for the upcoming releases if it becomes popular enough.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Implement OSSEC
Implement as an add-on, or possibly through an Extension, the ability to install and configure OSSEC. An Extension GUI which provides simple, limited functionality to configure the most frequently used features of OSSEC would be an awesome addition to Plesk.
21 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'
Description of IP in Firewall Rules to e.g. name the IP 'Office', 'Home', 'IP John'
21 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
-
Secure default HTTPS settings
Set the default settings so that websites (e.g. Wordpress) created in Plesk have a good score in online scanners (are secure).
One very good scanner is https://observatory.mozilla.org/
This includes some headers to be sent, and secure TLS settings.
Mozilla also offers a guide concerning web server settings: https://wiki.mozilla.org/Security/Server_Side_TLSThe remaining things should be set in Wordpress directly directly by Plesk.
19 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
— ES
-
Use of FQDN in the firewall
I would like to use FQDN in the plesk firewall instead of only IP addresses.
18 votesThank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Enable IIS option "loadUserProfile:true" for dedicated application pools
In Windows Server IIS, it is recommended to set loadUserProfile:true for dedicated application pools. Doing so guarantees better application isolation and security for web applications created with ASP.NET, .NET Core or PHP.
You can find some basic information about this setting in this Stack Overflow answer: https://stackoverflow.com/a/17149834/1297898.
Official Microsoft documentation: https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities, https://docs.microsoft.com/en-us/iis/manage/configuring-security/ensure-security-isolation-for-web-sitesI will be pleased to provide any additional information you may require.
16 votesThank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG -
More customizable password strength
Please consider implementing more options for customization of password strength - for example disalbing it, setting allowed password to have lower than 5 symbols or the opposite - increase number of symbols required for a password.
16 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Spamhaus Drop List integration.
Add Spamhaus DROP LIST integration to the firewall with update schedule
16 votes -
chacha20_poly1305 QUIC
Plesk need to Support chacha20_poly1305 or QUIC better both
It's faster than the normal https Socket and more Secure, QUIC can used in https also http and safer as SPDY15 votes -
Add Nginx Jails to Fail2Ban
Plesk has - praise be - increasingly better supported Nginx, now with the option to use only Nginx, which is great.
That being so, now we need the next logical step: The Fail2Ban Jails for Apache are available, but will have no effect, as Apache is not used at all any more. So we need some Jails for Nginx.
This is not exactly rocket science, there are plenty of examples to be found on the web, the Fail2Ban distribution has some, and here's an article on digitalocean:
https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04Search for: fail2ban nginx 404
E.g. https://nichteinschalten.de/apache-nginx-404-fail2ban-regex/
Note The 404 code is…14 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG -
Add ipset in Firewall to increase performance
Please extend the Firewall / Concept to make the use of ipset, because it is generally the fastest solution i found so far. Chains like "f2b-recidive" can also be implemented as ipset list. This will speed up the whole process while adding or removing ips. I dont know if there is a cidr support in ipset...
For example, remove the following chain:
f2b-plesk-postfix tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
And extend the firewall with a native DROP on the ports as described below:
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 match-set f2b-plesk-postfix src
And then (or before?) just…
14 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
ET -
ProFTPd GeoIP blocking
Compile proftpd with "GeoIP"
http://www.proftpd.org/docs/contrib/mod_geoip.htmlThis would allow to block or whitelist countries - even on a per user basis.
We did research on this and most of the foreign FTP attempts are malicious.14 votesThank you for your input! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.— rk
- Don't see your idea?