Knowledge Base

Restricting Remote Access via Plesk API

Plesk API is an interface you use to interact with Plesk. You can use it
to remotely perform various operations in Plesk. For example, you can
create customer accounts, delete subscriptions, and much more. However,
an attacker can potentially use Plesk API for malicious purposes, for
example, to gain control over your server. To protect against such
attacks, we recommend restricting remote access via Plesk API.

In Plesk, you can either prohibit all connections via Plesk API (both
XML API and REST API) or allow them only from trusted IP addresses.

To do so, you add the following entries to the panel.ini
file.

To prohibit all connections via Plesk API:

[api]
enabled = off

To allow connections via Plesk API only from specific IP addresses:

[api]
allowedIPs = IP_addresses

Where the allowedIPs setting accepts one or more IP addresses
separated by commas or whitespace characters.

Here are valid examples of the allowedIPs setting in the
panel.ini file:

[api]
allowedIPs = 10.58.108.100,192.168.0.0

[api]
allowedIPs = 10.58.108.100 192.168.0.0

Note: Do not add the whitespace character before or after the comma that
separates several allowed IP addresses.

Knowledge Base

Restricting Remote Access via Plesk API

The Comfortable Advantages of the Hosting Control Panel

Server Management: IP Mapping Guideline

Using Docker – Operations with Containers

Optimizing Apache Web Server – Setting Up the Apache Restart Interval

Event Parameters Passed by Event Handlers – Server health status changed

Event Parameters Passed by Event Handlers – SSL/TLS certificate on mail server assigned/unassigned

Follow us:

COMPANY

PRODUCT

KNOWLEDGE BASE

PROGRAMS

COMMUNITY

Follow us: