Applicable to:QuestionHow to allow access to a website directory from specific IP address in Plesk?
Answer Using Plesk GUI- If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management and PHP handled by Apache in Domains > example.com > PHP Settings:
1.Log into Plesk.
2.Open
Domains > example.com > Apache & nginx Settings.3.Disable
Serve static files directly by nginx.4.Add the following in
Additional directives for HTTP/S section, where 203.0.113.2 is the IP address from which access to a directory should be allowed.:
<Location "/exampledirectory">
Order Deny,Allow
Deny from all
Allow from 203.0.113.2
</Location>- If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management and PHP handled by nginx in Domains > example.com > PHP Settings, where 203.0.113.2 - IP address from which access to a directory should be allowed:
1.Log into Plesk.
2.Open
Domains > example.com > Apache & nginx Settings.3.Add the following in
Additional nginx directives section:
location / {
try_files $uri $uri/ /index.php;
}
location ^~ /exampledirectory {
allow 203.0.113.2;
deny all; location /exampledirectory/ {
index index.php; }
location ~ ^/~(.+?)(/.?.php)(/.)?$ { alias /var/www/vhosts/example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ .php(/.*)?$ {
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
}
- If Reverse Proxy Server (nginx) is disabled in Tools & Settings > Services Management
1.Log into Plesk.
2.Open Domains > example.com > Apache & nginx Settings, where 203.0.113.2 - IP address from which access to a directory should be allowed.
3.Add the following to Additional Apache directives section:
<Location "/exampledirectory">
Order Deny,Allow
Deny from all
Allow from 203.0.113.2
</Location> Directly on the server1.Connect to the server via SSH.
2.Find what version of Apache Web Server is installed on the server:
- for CentOS/RHEL-based distributions:
# httpd -v | grep version
Server version: Apache/2.2.15 (Unix)
- for Debian/Ubuntu-based distributions:
# apache2 -v | grep version
Server version: Apache/2.4.18 (Ubuntu)
3.Check that authz_host_module is installed and enabled:
- for CentOS/RHEL-based distributions:
# httpd -M | grep 'authz_host_module'
authz_host_module (shared)
- for Debian/Ubuntu-based distributions:
# apache2ctl -M | grep 'authz_host'
authz_host_module (shared)
4.Create .htaccess file in the directory where access should be restricted, for example /var/www/vhosts/example.com/httpdocs/exampledirectory/.htaccess using a text editor and add the following content:
- For Apache Web Server version lower than 2.4:
Order Deny,Allow
Deny from all
Allow from 203.0.113.2
Allow from 203.0.113.3- For Apache Web Server 2.4 and greater:
<IfModule mod_authz_host.c>
<RequireAny>
Require ip 203.0.113.2
Require ip 203.0.113.3
</RequireAny>
</IfModule>Note: make sure to add the correct IP address to the allow list. The actual IP address used to access the site from, can be seen at https://ifconfig.co/