Articles in this section

See more

Enhancing Security with Apache Localhost Mode in Plesk 18.0.56 (PPP-43250)

Avatar
Luca Krebs
Updated
Follow
DoNotDelete:docref kb: how-to Plesk Obsidian for Linux

Question

How can I use the new feature in Plesk 18.0.56 that allows Apache Web Server to listen on localhost on ports 7080 and 7081?

Answer

In Plesk 18.0.56, we introduced a new feature (PPP-43250) that allows Apache Web Server to listen on localhost on ports 7080 and 7081. This feature was introduced as a security improvement to reduce the attack surface by ensuring that Apache is no longer publicly accessible on these ports, thereby enhancing the overall security of your server.

Description of the new CLI command

The new CLI command plesk bin apache --listen-on-localhost <true|false> can be used to turn on/off Apache localhost mode.

The option value is stored in psa.misc.apacheListenLocalhost.

Default behavior for new Plesk installations

For fresh Plesk installations, the localhost mode is turned on by default.

The option value in psa.misc.apacheListenLocalhost is undefined and webserver.apacheListenLocalhost provides the default value.

Behavior for Plesk upgrades

For Plesk upgrades, the localhost mode is turned off by default.

The option value psa.misc.apacheListenLocalhost = false is stored explicitly during the upgrade.

Notice about custom hosting templates

Existing custom hosting templates may not work in localhost mode depending on modifications made in the template and should be adjusted accordingly.

Comments

5 comments

Sort by Date Votes
  • Avatar
    Karl May

    Should you not explain here how to set it on/off?

    > The new CLI command plesk bin apache --listen-on-localhost can be used to turn on/off Apache localhost mode.

    Is here true/false missing? And set this command the default behavior permanent or only temporary?

    And the hint where to find the "panel.ini" file is missing. Like linked to https://docs.plesk.com/de-DE/obsidian/administrator-guide/plesk-administration/konfigurationsdatei-panelini.78509/

    1
    Comment actions Permalink
  • Avatar
    concedra gmbh (Edited )

    If apacheListenLocalhost is set to true Plesk AW-Stats feature does not work anymore, because the IP in Serverlogs ist always 127.0.0.1
    The external IP that hits the NGINX Reverse-Proxy should be parsed to the logs, otherwise it will never work because all visitors come from the same IP adress.
    Please fix this and use X-Real-IP or something else.

    0
    Comment actions Permalink
  • Avatar
    TorbHo (Edited )

    With that feature turned on, I am not able to retrieve visitor's ip address via
    PHP $_SERVER[ 'REMOTE_ADDR' ]

    "Allow from xxx.xxx.xxx.xxx" via .htaccess is not possible, too.

    Any solution for that?

    0
    Comment actions Permalink
  • Avatar
    Luca Krebs

    Thanks for the recommendations Karl May, implemented accordingly.

    2
    Comment actions Permalink
  • Avatar
    Luca Krebs (Edited )

    TorbHo and concedra gmbh, thank you for reporting the described behavior. This will be fixed in the next hotfix for version 18.0.56.2.

    For reference. PPPM-14170, Change Log for Plesk Obsidian

    1
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles