QuestionHow to block user-agents in Plesk Control Panel on Linux?
AnswerTo block a specific user agent to reaching the Plesk control panel, use these steps:
- Edit the file /etc/sw-cp-server/conf.d/plesk.conf.
- Add the following configuration (where hello, world and helloworld are case-insensitive:
map $http_user_agent $badagent {[/li]
[li] default 0;[/li]
[li] ~*hello 1;[/li]
[li] ~*world 1;[/li]
[li] ~*helloworld 1;[/li]
[li]}[b][/b]- Now paste the if condition within the domain's (the "server" block, where sw-cp-server is listening) configuration file, e.g.:
if ($badagent) {[/li]
[li] return 403;[/li]
[li]}[b][/b]- You should have your file looking closer to this:
map $http_x_requested_with $error_doc_format {[/li]
[li] default html;[/li]
[li] XMLHttpRequest json;[/li]
[li]}[/li]
[li][/li]
[li]map $http_x_forwarded_proto $original_proto {[/li]
[li] default $http_x_forwarded_proto;[/li]
[li] "" $scheme;[/li]
[li]}[/li]
[li][/li]
[li]map $http_user_agent $badagent {[/li]
[li] default 0;[/li]
[li] ~*hello 1;[/li]
[li] ~*world 1;[/li]
[li] ~*helloworld 1;[/li]
[li]}[/li]
[li][/li]
[li]server {[/li]
[li] listen 8443 ssl;[/li]
[li] listen 8880;[/li]
[li] listen 127.0.0.1:8880 default_server;|[/li]
[li] include conf.d/*ipv6_ports.inc;[/li]
[li] http2 on;[/li]
[li][/li]
[li] ssl_certificate /opt/psa/admin/conf/httpsd.pem;[/li]
[li] ssl_certificate_key /opt/psa/admin/conf/httpsd.pem;[/li]
[li] include conf.d/*plesk.inc;[/li]
[li] include conf.d/*wpb.inc;[/li]
[li][/li]
[li] if ($badagent) {[/li]
[li] return 403;[/li]
[li] }[/li]
[li]}[b][/b]- Restart the Plesk frontend:
- Note: the command will cause a brief downtime, while the frontend is being restarted:
- # systemctl restart sw-cp-server
- [/b]
- Make a non-redirect following query with a specified user agent. Now it will return 403:
- # curl -Ik https://example.com:8443 -A "hello"
- HTTP/2 403
- server: nginx
- date: Mon, 24 Mar 2025 19:29:54 GMT
- content-type: text/html
- content-length: 146[/b]