Configuring Plesk software
After you have installed Plesk software on your server, configure your system and set up all services required for its operation.
Configuring Access Policy
To alleviate security concerns, it is recommended that you restrict access to the control panel with administrator privileges from certain IP addresses. To use this function, create a list of IP addresses to which a restriction policy will be applied. Two modes are available:
- Allow access from all IP addresses except those added to the list.
- Deny access from IP addresses that are not in the list.
Managing control panel access
To use the access restriction function, select the Server shortcut in the navigation pane. The Server administration page will open. Click the Access icon on the Server administration page.
Enabling Plesk Firewall
The firewall is a protection measure aimed at prohibiting specific incoming network connections that may be used to compromise your server. Plesk Firewall operates on the basis of rules that specify the parameters of connections to be blocked or passed through.
It filters only incoming IP connections for the TCP and UDP protocols. All outgoing connections are allowed. Each rule controls filtering for only one specific network interface (adapter).
Some rules for widespread protocols are predefined, and you can only enable or disable them.
To start setting up the firewall, click the Server > IP Addresses > Firewall icon. The page lets you see and change the status of firewall protection for the network interfaces installed on the server.
To add your own rule, click the Add Firewall Rule button. A page will open where you have to specify the rule’s properties. To edit the properties of an existing rule, click on its name. The screen for editing an existing rule is very similar to the screen for adding a new rule, except that it does not allow renaming the rule.
The Panic button enables a special mode to protect the server from unknown worms, etc. It closes the server as tightly as possible, disabling all incoming and outgoing connections except those for accessing the Plesk Control Panel and Remote Desktop administration. Note that the panic mode disables access to the clients’ sites; it is only recommended to use it when there are no other options left, e.g. if the server was compromised.
Setting Session Security Parameters
- Session idle time: the allowable idle time for a user session. Should a user session remain idle for a length of time exceeding that specified as the session idle time, Plesk terminates the current session.
- Invalid login interval: an interval between two invalid login attempts within which the invalid login attempts counter is increased. If the time between two invalid login attempts exceeds this value, then the invalid login counter is reset back to 0.
- Invalid login attempts: the maximum number of invalid login attempts allowed. Once a user has exceeded this value, he/she is locked out for the time specified as the Invalid login lock time.
- Invalid login lock time: the lockout time for a user once the invalid login attempts counter has exceeded its maximum limit. Upon completion of the lockout time, the invalid login attempts counter is reset to zero and the user is again given the ability to log in to Plesk.
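How the four parameters above interact, as an added example (a hypothetical model, not Plesk's own code). It assumes that the failure following a counter reset counts as the first one and that the lock starts once the counter exceeds the maximum; all timestamps are constructed.

```python
from dataclasses import dataclass

@dataclass
class LockoutPolicy:
    interval: float     # "Invalid login interval", in seconds
    max_attempts: int   # "Invalid login attempts"
    lock_time: float    # "Invalid login lock time", in seconds

class LoginThrottle:
    """Invalid-login counter for one account (hypothetical model, not Plesk code)."""

    def __init__(self, policy):
        self.policy = policy
        self.count = 0
        self.last_failure = None
        self.locked_until = None

    def is_locked(self, now):
        if self.locked_until is not None and now >= self.locked_until:
            # Lock time is over: the counter goes back to zero.
            self.count, self.last_failure, self.locked_until = 0, None, None
        return self.locked_until is not None

    def record_failure(self, now):
        """Register an invalid login at time `now`; return True if locked out."""
        if self.is_locked(now):
            return True
        gap_too_long = (self.last_failure is not None
                        and now - self.last_failure > self.policy.interval)
        if gap_too_long:
            self.count = 0          # attempts too far apart: counter resets
        self.count += 1             # assumption: this failure counts as the first
        self.last_failure = now
        if self.count > self.policy.max_attempts:   # assumption: lock once exceeded
            self.locked_until = now + self.policy.lock_time
            return True
        return False

def simulate(policy, failure_times):
    """Replay invalid logins (timestamps in seconds) and return lock states."""
    throttle = LoginThrottle(policy)
    return [throttle.record_failure(t) for t in failure_times]

# Constructed timelines: a burst of failures, then failures spaced past the interval.
POLICY = LockoutPolicy(interval=60, max_attempts=3, lock_time=300)
BURST = simulate(POLICY, [0, 10, 20, 30, 100, 330])
SPACED = simulate(POLICY, [0, 61, 122, 183, 244])
```

In the spaced timeline every gap exceeds the interval, so the counter never passes 1; a very short Invalid login interval therefore weakens the lockout regardless of the other two values.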
Managing IIS Application Pools
Choosing Application Pools Assignment Policy – One of the new features of the IIS 6.0 web server is worker process isolation mode, in which each web site can be allocated a separate process pool for executing its web applications. This way, a malfunction in one application will not stop all the others.
Plesk has a shared application pool; each domain can use a dedicated application pool if the administrator and client policies permit this. Plesk has three modes of working:
- Always assign one application pool for each domain
- Place domains in a shared application pool by default and allow use of dedicated pools for selected clients
- Always place all domains in the shared application pool
To choose the application pool assignment policy, go to the Global Settings tab and choose one of the three aforementioned strategies.
Setting Up Server-wide ASP.NET Framework Configuration
Plesk allows you to specify the Microsoft ASP.NET configuration settings that most commonly need to be customized in order for ASP.NET applications to function as desired. You can set up the server-wide framework configuration that will be the default configuration for all domains registered in the system.
To access the page for server-wide ASP.NET configuration, click the ASP.NET icon located in the Services field set on the server administration page.
On this page you can specify the following parameters:
Connection String manager – meant for defining string variables that contain database connection information. If any ASP.NET applications on the server are intended to use databases, the connection strings should be specified. Note that editing these settings is available only for framework version 2.0 and above. When you open the ASP.NET configuration page for the first time, you see sample connection parameters showing common constructions. You can then delete them and specify your own.
Custom Error Settings – designed for defining the information about custom error messages for an ASP.NET application.
To set the custom error messages mode, select one from the corresponding drop-down list:
- On – Custom error messages are always enabled.
- Off – Custom error messages are disabled and detailed errors are to be shown.
- RemoteOnly – Custom error messages are displayed only to remote clients and ASP.NET errors are shown to the local host.
Unless the custom error messages are fully disabled (the Off mode chosen), the parameters for custom error documents can be specified:
- The Status Code parameter defines the HTTP status code resulting in redirection to the error page.
- The Redirect URL parameter defines the web address of the error page presenting information about the error to the client.
To add an entry to the custom errors list, enter the necessary data to the text input fields corresponding to the Status Code and the Redirect URL columns and click the icon to the right of the fields. If the parameters for an error are not specified, users see a generic error.
To remove an entry from the custom errors list, click the icon to the right of the entry you wish to remove.
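A check for the custom error settings described above, as an added example that is not part of the original documentation. It assumes the settings are stored in the standard ASP.NET customErrors element of a web.config file; both sample documents and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragments for illustration; not taken from the page.
WEAK = """<configuration><system.web>
  <customErrors mode="Off">
    <error statusCode="404" redirect="/errors/404.htm" />
  </customErrors>
</system.web></configuration>"""

CORRECTED = """<configuration><system.web>
  <customErrors mode="RemoteOnly">
    <error statusCode="404" redirect="/errors/404.htm" />
    <error statusCode="500" redirect="/errors/500.htm" />
  </customErrors>
</system.web></configuration>"""

def audit_custom_errors(xml_text):
    """Return (mode, redirects, findings) for a web.config document."""
    root = ET.fromstring(xml_text)
    node = next(root.iter("customErrors"), None)
    # ASP.NET treats a missing element or mode attribute as RemoteOnly.
    mode = node.get("mode", "RemoteOnly") if node is not None else "RemoteOnly"
    redirects, findings = {}, []
    for err in (node.findall("error") if node is not None else []):
        code = err.get("statusCode", "")
        if not code.isdigit():
            findings.append(f"invalid status code {code!r}")
            continue
        redirects[int(code)] = err.get("redirect", "")
    if mode not in ("On", "Off", "RemoteOnly"):
        findings.append(f"unknown mode {mode!r}")
    elif mode == "Off":
        findings.append("detailed errors are shown to remote clients")
        if redirects:
            findings.append("redirect entries are ignored while mode is Off")
    elif not redirects:
        findings.append("no error pages listed: users see a generic error")
    return mode, redirects, findings
```

The Off mode is the one to look for on a production server, because detailed ASP.NET errors can reveal source fragments and configuration details to any visitor.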
Setting System Date and Time
You can manually set the server date and time through the interface and enable server time synchronization with a Network Time Protocol (NTP) server. To manage the system date and time settings, click the System Time icon on the Server administration page. The system date and time management page will open.
Setting Up Server-wide Mail and Spam Filtering
Configuring Mail
Configure these server-wide mail system settings:
- The maximum allowable size of any e-mail received on the server.
- Relaying mode. Relaying affects only the sending of mail; it does not in any way change the way mail is received on the server. Mail relaying can work in one of three modes: open relay, closed relay and relay with authorization.
  - Open relay – selecting this allows any host computer to utilize the mail services of any domain on the server, to send and/or receive mail. In this mode, no password is required.
  - Closed relay – selecting this only allows mail to be sent and received locally (to and from domains residing on the server). The only exception would be hosts specified as allowable relay hosts in the White list.
  - Authorization is required – selecting this allows any host computer to utilize the mail services of a domain on the server, provided that a valid username and password are used to authenticate the mail user.
    - POP3 – requires a POP3 login before sending mail. The lock time field sets the allowed time given for sending mail after login. During the lock time, any e-mail sent from the initial IP address will be accepted without requiring a password to be re-entered.
    - SMTP – SMTP authentication (the Plesk mail system supports the LOGIN, CRAM-MD5 and PLAIN methods of SMTP authorization) requires a password every time you send an e-mail.
- White List. Use it to define several IP addresses with masks from which mail will always be accepted.
- Black List. Use it to define the mail domains from which you do not allow mail to be received.
- MAPS spam protection. Enable the external mail abuse prevention system, which can help you defend your customers from abuse by spammers.
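The relay modes and the White List described above, modelled as a decision function in an added example (hypothetical names, not Plesk's own code). It assumes that White List hosts are accepted in every mode and that mail for a domain hosted on the server is ordinary delivery rather than relaying; addresses and domains are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RelayConfig:
    mode: str                       # "open", "closed" or "auth"
    local_domains: set              # domains residing on the server
    white_list: list = field(default_factory=list)   # "address/mask" strings
    pop3: bool = False              # POP3 (login before sending) enabled
    smtp: bool = False              # SMTP authentication enabled
    lock_time: int = 20 * 60        # seconds; the default lock time is 20 minutes
    pop3_logins: dict = field(default_factory=dict)  # client IP -> last login time

def relay_allowed(cfg, client_ip, rcpt_domain, now, smtp_auth_ok=False):
    """Decide whether mail from client_ip to rcpt_domain is accepted."""
    if rcpt_domain.lower() in cfg.local_domains:
        return True                 # local delivery: relay mode does not apply
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n, strict=False) for n in cfg.white_list):
        return True                 # assumption: White List applies in all modes
    if cfg.mode == "open":
        return True                 # no password required from anyone
    if cfg.mode == "closed":
        return False
    if cfg.mode != "auth":
        raise ValueError(f"unknown relay mode {cfg.mode!r}")
    if cfg.smtp and smtp_auth_ok:
        return True                 # password supplied with this message
    last = cfg.pop3_logins.get(client_ip)
    # POP3 mode: the IP stays trusted for lock_time after a POP3 login.
    return bool(cfg.pop3 and last is not None
                and 0 <= now - last <= cfg.lock_time)
```

With POP3 authorization the trust is attached to the IP address rather than to the user, so every sender behind that address is accepted until the lock time runs out.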
In order to set up the mail system, follow these steps:
- Click the Mail icon on the Server administration page. The Mail system management page will open.
- To set the maximum letter size allowed on the server, click in the Maximum letter size text box and enter the desired value in kilobytes. Click Set to submit.
- To set the mail system relay mode, select the corresponding radio button. For relaying that requires authorization, select the Authorization is required radio button. You must then select an authorization type, which can be POP3, SMTP or both.
  - POP3 – Click in the checkbox next to POP3 to enable this mode of authorization. You must then set the lock time; the default setting is 20 minutes.
  - SMTP – Click in the checkbox next to SMTP to enable this authorization mode.
- To add an IP address/mask to the White List, type in the appropriate IP address and mask in the fields provided. Click Add to submit. The address selected will appear in the IP list.
- To remove an IP address/mask from the White List, select the IP address you wish to delete from the IP list. Click Remove.
- To add a mail blocker, click in the text box in the Domain Name field and enter the domain name from which you want the mail to be rejected. Click Add to submit. The domain you selected will appear in the list of blocked domains.
- To remove a mail blocker, select the domain you wish to remove from the list of blocked domains. Click Remove.
- To enable the external Mail Abuse Prevention System (MAPS), select the Enable MAPS spam protection checkbox, specify the MAPS zone in the MAPS zone(s) field and click Set.
Configuring the Server-wide Spam Filter
For the purpose of filtering spam out of incoming mail you can use the integrated spam filter software.
Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify “spam”, also known as unsolicited commercial email. Once identified, the mail can then be optionally tagged as spam for later filtering using the user’s own mail user-agent application.
Managing Control Panel SSL Certificates
An SSL certificate represents a set of rules used when exchanging encrypted information between two computers. Certificates ensure secure communications; this is especially important when handling e-commerce transactions and other private transmittals. Only authorized users can access and read an encrypted data stream.
Managing Shared SSL
SSL stands for “Secure Sockets Layer” and you can use this feature to protect all data exchanged between your Web site and the client. Shared SSL is a means of secure Web server access without requiring users to purchase a digital key.
In this case, only one domain should have a real SSL certificate. We will call it the Master SSL Domain. Other domains that are set up to use Shared SSL will use its resources.
To choose the Master SSL Domain, go to the Server > Shared SSL page, select the Enable shared SSL checkbox, and choose which of the domains that have SSL support enabled you want to be the Master SSL Domain.