How to forbid directory listing at example.com/plesk-stat in case the password protection is disabled?
Before considering to apply the solution, note that this directory listing is required to browse between different statistics:
- Web statistics
- Web statistics over SSL
- FTP user statistics
- Anonymous FTP statistics
That is why it is recommended not to forbid directory listing of this page, but to keep example.com/plesk-stat secured with a password (the option is available at Plesk > Domains > example.com > Hosting Settings > Protect access to your web statistics with your FTP username and password).
However, if you accept this kind of risk, here are the steps to forbid directory listing:
Per domain solution:
In Plesk go to Domains > example.com > Apache & nginx Settings and add the directive below to the A:
CONFIG_TEXT: Redirect permanent /plesk-stat/ http://example.com/
Click OK to apply the changes.
Note: Next time when the page example.com/plesk-stat will be opened, it will redirect to the main page.
Solution for all domains:
Connect to the Plesk server via SSH.
Create a directory for custom configuration templates:
# mkdir -p /usr/local/psa/admin/conf/templates/custom/domain/
Copy the template
domainVirtualHost.phpfrom the default directory to the custom directory:
# cp /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/
Open the file
/usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.phpin any editor.
Navigate to the line
Options +Indexes and comment it with the hash "#", so it will look like:
CONFIG_TEXT: 88 <?php if ($VAR->domain->physicalHosting->hasWebstat):?>
90 <?php if ($OPT['ssl'] || !$VAR->domain->physicalHosting->ssl): ?>
91 Alias "/plesk-stat" "<?php echo $VAR->domain->physicalHosting->statisticsDir ?>"
92 <Location /plesk-stat/>
93 # Options +Indexes
Run the command below to regenerate configuration files for domains (please note that it will take some downtime of websites):
# /usr/local/psa/admin/bin/httpdmng --reconfigure-all
Note: In this case, next time when the page example.com/plesk-stat will be opened, it will show the "403 Forbidden" page.