Articles in this section

How to protect websites against DDoS attacks in Plesk for Windows Server

Kuzma Ivanov
Updated
Plesk for Windows kb: how-to ABT: Group B

Applicable to:

  • Plesk for Windows

Question

How to protect websites against DDoS attacks in Plesk for Windows Server?

Answer

Use the built-in IIS feature Dynamic IP Address Restrictions to block access for IP addresses that exceed the specified number of requests to websites hosted in Plesk.

In Plesk, this feature is capable to set:

  • Dynamic IP Address Restrictions to Deny IP addresses based on the number of concurrent requests from a unique IP address
  • Deny IP addresses based on the number of requests over a period of time

Note: Values in the instructions below are given as an example. Adjust them according to your needs.

 

Enabling IIS dynamic IP restriction via the Plesk interface (for one domain only)

 

  1. Log in to Plesk.

  2. Go to Domains > example.com > IIS Settings.

  3. Scroll down to the Preventing DoS attacks by IIS dynamic IP restriction section and adjust settings according to your needs.


    Screenshot_2019-01-29_IIS_Settings_for_example_com_-_Plesk_Onyx_17_8_11_1_.png

 

Enabling IIS dynamic IP restriction via a command prompt (for one domain/all existing domains/all new domains)

 

  • For one domain

    1. Connect to a Plesk server via RDP.

    2. Start a command prompt as an Administrator.

    3. Run the command:

      • To make IIS deny access to the website example.com from clients that have made more than 22 HTTP requests in 230 milliseconds:

        C:\> plesk bin virtdir.exe --update / -vhost example.com -is_deny_by_request_rate true -max_requests 22 -request_interval 230

      • To make IIS deny access to the website example.com from clients that have made more than 9 concurrent HTTP requests:

        C:\> plesk bin virtdir.exe --update / -vhost example.com -is_deny_by_concurrent_requests true -max_concurrent_requests 9

     

  • For all existing domains

    1. Connect to a Plesk server via RDP.

    2. Start a command prompt as an Administrator and run the command below to get the list of all domains on the server:

      C:\> plesk db -Ne"select name from domains;" > C:\domains.txt

    3. Run the command:

      • To make IIS deny access to all existing websites from clients that have made more than 22 HTTP requests in 230 milliseconds:

        C:\> for /f %i in (C:\domains.txt); do (plesk bin virtdir.exe --update / -vhost %i -is_deny_by_request_rate true -max_requests 22 -request_interval 230);

      • To make IIS deny access to all existing websites from clients that have made more than 9 concurrent HTTP requests:

        C:\> for /f %i in (C:\domains.txt); do (plesk bin virtdir.exe --update / -vhost %i -is_deny_by_concurrent_requests true -max_concurrent_requests 9);

         

        To learn more about the virtdir.exe utility, visit this Plesk documentation page.

 

Was this article helpful?

Comments

1 comment
Date Votes
  • Avatar
    Duarte Nuno
    (Edited )

    Plesk should allow you to set default values in service plans.

    1

Please sign in to leave a comment.