How to allow access to the website directory from specified IP address only?

Applicable to:

• Plesk for Linux

Question

How to allow access to the website directory from specified IP address only?

Answer

Through Plesk:

• If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management:

  1. Log into Plesk.

  2. Open Domains > example.com > Apache & nginx Settings.

  3. Add the following in Additional nginx directives section:

     CONFIG_TEXT: location ^~ /exampledirectory {
     allow 203.0.113.2;
     deny all;
     }

  where 203.0.113.2 - IP address from which access to a directory should be allowed.

• If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management and PHP handled by nginx in Domains > example.com > PHP Settings:

  1. Log into Plesk.

  2. Open Domains > example.com > Apache & nginx Settings.

  3. Add the following in Additional nginx directives section:

     CONFIG_TEXT: location / {
     try_files $uri $uri/ /index.php;
     }
     location ^~ /exampledirectory {
     allow 203.0.113.2;
     deny all; location /exampledirectory/ {
     index index.php; }
     location ~ ^/~(.+?)(/.?.php)(/.)?$ { alias /var/www/vhosts/example.com/web_users/$1/$2;
     fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
     include /etc/nginx/fastcgi.conf;
     }
     location ~ .php(/.*)?$ {
     fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
     include /etc/nginx/fastcgi.conf;
     }
     }

  where 203.0.113.2 - IP address from which access to a directory should be allowed.

• If Reverse Proxy Server (nginx) is disabled in Tools & Settings > Services Management

  1. Log into Plesk.

  2. Open Domains > example.com > Apache & nginx Settings.

  3. Add the following to Additional Apache directives section:

     CONFIG_TEXT: <Location "/exampledirectory">
     Order Deny,Allow
     Deny from all
     Allow from 203.0.113.2
     </Location>

  where 203.0.113.2 - IP address from which access to a directory should be allowed.

Directly on the server:

1. Connect to the server via SSH.

2. Find what version of Apache Web Server is installed on the server:

   for CentOS/RHEL-based distributions:

   # httpd -v | grep version
   Server version: Apache/2.2.15 (Unix)

   for Debian/Ubuntu-based distributions:

   # apache2 -v | grep version
   Server version: Apache/2.4.18 (Ubuntu)

3. Check that "authz_host_module" is installed and enabled:

   for CentOS/RHEL-based distributions:

   # httpd -M | grep 'authz_host_module'
   authz_host_module (shared)

   for Debian/Ubuntu-based distributions:

   # apache2ctl -M | grep 'authz_host'
   authz_host_module (shared)

4. Create ".htaccess" file in the directory where access should be restricted, for example /var/www/vhosts/example.com/httpdocs/exampledirectory/.htaccess using a text editor and add the following content:

   For Apache Web Server version lesser than 2.4:

   CONFIG_TEXT: Order Deny,Allow
   Deny from all
   Allow from 203.0.113.2
   Allow from 203.0.113.3

   For Apache Web Server 2.4 and greater:

   CONFIG_TEXT: <IfModule mod_authz_host.c>
   <RequireAny>
   Require ip 203.0.113.2
   Require ip 203.0.113.3
   </RequireAny>
   </IfModule>

   Note: make sure that you add correct IP address to the allow list. The actual IP address you are using to access the site from, can be seen at https://ifconfig.co/