Plesk

Restricting Remote Access via Plesk API

Plesk API is an interface you use to interact with Plesk. You can use it
to remotely perform various operations in Plesk. For example, you can
create customer accounts, delete subscriptions, and much more. However,
an attacker can potentially use Plesk API for malicious purposes, for
example, to gain control over your server. To protect against such
attacks, we recommend restricting remote access via Plesk API.

In Plesk, you can either prohibit all connections via Plesk API (both
XML API and REST API) or allow them only from trusted IP addresses.

To do so, add the following entries to the panel.ini file.

To prohibit all connections via Plesk API:

[api]
enabled = off

To allow connections via Plesk API only from specific IP addresses:

[api]
allowedIPs = IP_addresses

The allowedIPs setting accepts one or more IP addresses separated by
commas or whitespace characters.

Here are valid examples of the allowedIPs setting in the
panel.ini file:

[api]
allowedIPs = 10.58.108.100,192.168.0.0

[api]
allowedIPs = 10.58.108.100 192.168.0.0

Note: Do not add a whitespace character before or after a comma that
separates allowed IP addresses.
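
To check a panel.ini against the rules on this page before relying on it, the [api] section can be linted. The following is an added example, not Plesk code: the function name audit_api_section and the sample inputs are constructed for illustration, only the documented value "off" is treated as disabling the API, and each allowedIPs entry is assumed to be a single address as in the examples above.

```python
import configparser
import ipaddress
import re


def audit_api_section(ini_text):
    """Check the [api] section of panel.ini text against the documented rules."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    result = {"enabled": True, "allowed": [], "problems": []}
    if not parser.has_section("api"):
        result["problems"].append("no [api] section: no API restriction configured")
        return result
    # Assumption: only the documented value "off" disables the API.
    if parser.get("api", "enabled", fallback="on").strip().lower() == "off":
        result["enabled"] = False
        return result
    value = parser.get("api", "allowedIPs", fallback="").strip()
    if not value:
        result["problems"].append("allowedIPs not set: no API restriction configured")
        return result
    # Rule from the note: no whitespace before or after a separating comma.
    if re.search(r"\s,|,\s", value):
        result["problems"].append("whitespace next to a comma in allowedIPs")
    # Entries are separated by commas or whitespace characters.
    for token in re.split(r"[,\s]+", value):
        try:
            result["allowed"].append(str(ipaddress.ip_address(token)))
        except ValueError:
            result["problems"].append(f"not an IP address: {token!r}")
    return result


# Constructed sample inputs (not taken from a real server).
SAMPLES = {
    "comma": "[api]\nallowedIPs = 10.58.108.100,192.168.0.0\n",
    "space": "[api]\nallowedIPs = 10.58.108.100 192.168.0.0\n",
    "bad_comma": "[api]\nallowedIPs = 10.58.108.100, 192.168.0.0\n",
    "typo": "[api]\nallowedIPs = 10.58.108.300\n",
    "disabled": "[api]\nenabled = off\n",
    "open": "[example]\nkey = value\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_api_section(text))
```

An empty problems list together with a non-empty allowed list means the setting matches the documented format; any other result should be reviewed before the file is deployed.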