How to block user-agents in Plesk Control Panel on Linux?

Question

How to block user-agents in Plesk Control Panel on Linux?

Answer

To block a specific user agent to reaching the Plesk control panel, use these steps:

• Edit the file /etc/sw-cp-server/conf.d/plesk.conf.
• Add the following configuration (where hello, world and helloworld are case-insensitive:
  

  CONFIG_TEXT: map $http_user_agent $badagent {
       default 0;
       ~*hello 1;
       ~*world 1;
       ~*helloworld 1;
  }

• Now paste the if condition within the domain's (the "server" block, where sw-cp-server is listening) configuration file, e.g.:
  

  CONFIG_TEXT: if ($badagent) {
       return 403;
  }

• You should have your file looking closer to this:
  

  CONFIG_TEXT: map $http_x_requested_with $error_doc_format {
       default html;
       XMLHttpRequest json;
  }
  
  map $http_x_forwarded_proto $original_proto {
  default $http_x_forwarded_proto;
       ""      $scheme;
  }
  
  map $http_user_agent $badagent {
      default         0;
      ~*hello     1;
      ~*world     1;
      ~*helloworld 1;
  }
  
  server {
  listen 8443 ssl;
       listen 8880;
       listen 127.0.0.1:8880 default_server;|
       include conf.d/*ipv6_ports.inc;
       http2 on;
  
       ssl_certificate /opt/psa/admin/conf/httpsd.pem;
       ssl_certificate_key /opt/psa/admin/conf/httpsd.pem;
       include conf.d/*plesk.inc;
       include conf.d/*wpb.inc;
  
       if ($badagent) {
            return 403;
       }
  }

• Restart the Plesk frontend:
  Note: the command will cause a brief downtime, while the frontend is being restarted:

  # systemctl restart sw-cp-server

• Make a non-redirect following query with a specified user agent. Now it will return 403:

  # curl -Ik https://example.com:8443 -A "hello"
  HTTP/2 403
  server: nginx
  date: Mon, 24 Mar 2025 19:29:54 GMT
  content-type: text/html
  content-length: 146