Top Nav

Archive | Plesk

Plesk 12.5 Protected Directories Break Nginx/PHP-FPM

On Plesk 12.5, when using PHP-FPM with Nginx there’s a problem with the way protected directories are implemented. Each protected directory creates a “location” block in the Nginx config that proxies to Apache. So protected directories are implemented in Apache only. Nginx just passes through to Apache.  This is not a great design choice in our opinion. Instead protected directories should be implemented directly in Nginx.

One of the side effects of the 12.5 implementation is that inside protected directories Apache handles PHP even if you have the domain configured to use Nginx with PHP-FPM. This is especially problematic if you have the entire site password protected. The “location /” block takes precedence over the “location *.php” block so the entire sites ends up using Apache instead going directly to PHP-FPM.

To get around this problem I do the following in Plesk:

  1. Create a protected directory for “/protected”.  Add users as needed.
  2. On the “Apache & nginx Settings” screen, add the following to the “Additional nginx directives” field:
  3. In your .htaccess file add:

The last step is important because we need both Apache and Nginx to enforce the protected directory.



Enable Compression On Plesk With Nginx

To enable compression on a Plesk server with Nginx handling static content, had to add the following to .htaccess:

This configuration is explained here:

And then in Plesk under:

Subscriptions -> -> Websites & Domains -> Web Server Settings -> Additional nginx directives

added the following:

The Nginx configuration is explained here:


Limiting modsec_audit.log On Plesk

The mod_security implementation on Plesk 12 is a great new feature but we’ve noticed a tendency to accumulate very large log files at:


This happens on CentOS but not sure if it’s a problem on other distributions.

One way to reduce the logging is to add this line:


Plesk -> Tools & Settings -> Web Application Firewall -> Settings -> Custom directives

Another good step is to add log rotation for the file by creating:





Plesk & New Relic

New Relic is a great tool for managing website performance. Recently worked to setup a Plesk 12 server with New Relic. We wanted to have each virtual host on the website represented by an Application in New Relic as documented here:

We found a few useful points that we want to share:

1. The newrelic.appname must be removed from /etc/php.d/newrelic.ini.  If the appname is defined in this file then individual virtual hosts will not be able to override and provide there own appname. Just edit the file and comment out the line like:

2. Set the appname for each virtual host from Plesk by going to:

and adding a line like this:

to the “Additional configuration directives” field. Notice that the appname has two components separated by a semicolon. The first is the domain for the site and the second is the fully qualified server hostname. So for example you might do:

and then another site on the server might be:

Now in New Relic, you’ll see three applications. One for, one for and one for the entire server called


Revoke MySQL DROP Privilege On Plesk Database User

Had a request from client to add database user on a Plesk server but to remove the DROP DATABASE privilege so that they could not accidentally delete their database. By default, database users created through Plesk do have the DROP DATABASE privilege. Plesk does not currently allow fine-grained control over database privileges so the only way to implement this change is to modify the privileges directly from a MySQL command line. After some testing we found these command will have the desired effect:

Of course replace “testdb” and “testdbuser” with your actual database and username.