Top Nav

Archive | Plesk

Disable Basic Auth For Virtual Path On Plesk

In a recent case we needed to allow request to a particular virtual URL path on a site that was password protected with HTTP Basic Auth. The site was hosted on a Linux server with Plesk, nginx and Apache.  Typically this problem is solved by adding a “Satisfy Any” to the .htaccess in the directory that you want to remove authentication. But this does not work if the path is virtual instead of a physical directory path. Additionally we needed to allow access for a list of IP addresses. We tried an number of different solutions and ended up with the following:

Step 1 – The HTTP Basic Auth and IP access controls are configured in the .htaccess file like this:

Step 2 – In Plesk under:

Add the following block:

where “/excluded/path” is the virtual URL to be allowed access and “x.x.x.x” is the IP address assigned to the site.

When a request comes is received, nginx looks for the path and adds the AUTH_OVERRIDE header. Then the request is passed to Apache which processes the .htaccess file. The AUTH_OVERRIDE header is converted to an “AUTH_REQUEST” environment variable and allow without authentication by the “allow from env=” rule.

There may be better ways to accomplish this solution but this is one that we successfully implemented.

 

 

0

Mitigate SWEET32 On Plesk Panel

Here’s a great article on the SWEET32 vulnerability and how to mitigate:

SWEET32 Birthday attack : How to fix TLS vulnerability (CVE-2016-2183) in OpenSSL, Apache, Nginx and IIS in RedHat, CentOS, Ubuntu, Debian, OpenSUSE and Windows

If you have a Plesk server then you’ll need adjust the panel ciphers by editing:

and change the contents to:

The restart the panel:

0

Plesk – Bulk Reset Subscription Expire Date

Here’s a one liner to set the expire date on all subscriptions to unlimited:

 

0

Install New Relic With Plesk 12.5

Plesk 12.5 allow for multiple PHP versions and integration methods. This is a great feature but it makes installing New Relic more difficult. New Relic by default installs to the Linux distribution’s version of PHP. With Plesk 12.5, there are multiple PHP versions in different locations. Also New Relic uses a unix socket to facilitate communication between the newrelic-daemon and the PHP component. When running PHP under php-fpm there are permission problems with multiple sites using New Relic. Here are the steps to get New Relic working on CentOS or RedHat. Other Linux distributions will be similar.

1. Install New Relic for the operating system following the standard instructions:

https://docs.newrelic.com/docs/agents/php-agent/installation/php-agent-installation-overview

2. Set the newrelic-daemon to run independently by copying the config file template:

3. Configure the newrelic-daemon to listen on a TCP port instead of a UNIX socket:

4. Start the newrelic-daemon:

5. Configure distribution provided PHP to use newrelic-daemon:

6. Restart Apache

7. Install New Relic on Plesk provided PHP installations using the instructions here:

https://docs.newrelic.com/docs/agents/php-agent/advanced-installation/php-agent-installation-non-standard-php-advanced

We’ll start with PHP 5.6:

8. Set the TCP port

9. Restart cooresponding php-fpm process:

10. Repeat steps 7, 8 and 9 for each additional PHP version installed on the server.

0

Plesk 12 / CentOS / PHP 5.3 Issue Causes “abrt” Crash From Yum

Recent on servers with Plesk 12 and the PHP 5.3 distribution from Odin, we’re seeing “abrt” crash reports from Yum with a back trace like:

Until Odin fixes their repository the only way to get updates to proceed normally is to disable the PHP 5.3 repository by editing:

And adding this line:

Since PHP 5.3 is EOL there aren’t any updates expected so disabling the repository should not cause problems.

 

0