Protected Directories in Plesk

From Lunarpages Web Hosting Wiki

Plesk, Management of Web Directories

Plesk allows you to see the directories of your domain the way they are seen from the web and manage their protection and settings. Generally, there are two types of directories, physical and virtual ones. Physical directories are the actual directories present on the server's hard drive while virtual ones are only abstraction, a kind of links to the existing physical directories. Therefore, virtual directories are not visible in regular file manager but you can see and manage them on the Web Directories screen at the Domain Administration page; directly from Plesk > Home > > Web Directories (section).

Plesk protect 01.gif

Further, URLs for directories may be protected and unprotected. Everybody can access unprotected URLs, while only privileged users can access URLs with protection.

While working with the Web Directories screen, there is a notion of current directory. It is written in the title text of the page (by default, it is "Web directory /"). All the actions accessible on the screen affect the current directory. To change the directory, click on the desired name in the Web directories list. The title text will be updated to reflect the change.

Each entry in the directories list has three icons at the right side. First one allows you to open the corresponding directory in browser. The next one allows changing preferences of the directory. It is accessible only for virtual directories. The last one allows editing permissions.

If the current directory is virtual, four tabs are shown at the top of the page:

  • General. This is the tab where you can change the current directory and change its properties.
  • MIME Types. Here you can define what types of files the web server can handle in the current directory.
  • Error documents. Allows you to change custom error documents for the web server errors. For using this feature, you should allow this on the domain setup page (the Custom Error Documents checkbox).
  • Protection. Used for managing protected URLs.

If the current directory is physical, only General and Protection tabs are shown.

Preferences on each of them affect the current web directory. There are three available buttons on the General tab:

  • Add New Virtual Directory. Press it to add a new virtual directory in the current directory.
  • Preferences. Manages the properties of the current directory. Available only for virtual directories.
  • Permissions. Allows you to define what types of actions different user types can carry out with the current directory.

Managing Directory Preferences

To change properties of the current directory, press the Preferences button on the General tab. The following page will appear:

Plesk protect 02.gif

At this page you can change the properties of the given virtual directory, and add and remove nested virtual directories.

  • The Name field contains the name of the current virtual directory. You can rename the directory by entering the new name in this field.
  • In the Path drop-down list, select the path to the physical directory where the virtual directory resides.
  • Select the Script source access to allow users to access source code if either Read or Write permissions are set. Source code includes scripts in ASP applications.
  • Select the Read permission checkbox to allow users to read files or directories and their associated properties.
  • Select the Write permission checkbox to allow users to upload files and their associated properties to the current virutal directory or to change content in a write-enabled file. Write access is allowed only when a browser that supports the PUT feature of the HTTP 1.1 protocol is used.
  • Select the Directory browsing box to allow users to see a hypertext listing of the files and subdirectories in this virtual directory. Because virtual directories do not appear in directory listings, users must know a virtual directory's alias. If Directory browsing is disabled, user does not specify a file name and the default content page (see below) is disabled, the Web server displays an "Access Forbidden" error message in the user's Web browser.
  • Select the Log visits checkbox if you want to store the information on visiting the current directory.
  • The Create Application checkbox makes the virtual directory an IIS Application. The directory becomes logically independent from the rest of the web-site.
  • The Execute permissions option determines the program execution level allowed for this site's resources.
  • Set permissions to None to allow access only to static files such as HTML or image files.
  • Set permissions to Scripts only to allow running scripts only, not executables.
  • Set permissions to Scripts and Executables to remove all restrictions so that all file types can be executed.
  • Select the Enable parent paths checkbox to allow using double period in the path-name when referring to a folder above the current virtual directory. This makes users able to move up the folder tree without knowing the folder name or the whereabouts in the hierarchy. If the option is selected, parent paths should not have the Execute permission so that applications do not have the ability of unauthorized running of programs in the parent paths.
  • Select the Enable to run in MTA checkbox to allow the application execution in multi-threaded apartment (MTA) mode. Otherwise, the application runs in single-threaded apartment (STA) mode. Using STA, each application pool is executed in a dedicated process. With MTA, several concurrent application pools are executed in one thread which can increase performance in some cases.
  • The Enable default content page checkbox allows use of a default document for the current virtual directory. The default document is sent when users access the directory on the Web without a specific file name (e.g. using as opposed to If this checkbox is deselected and the Directory browsing checkbox is enabled, the Web server returns a folder listing. If it is deselected and theDirectory browsing checkbox is disabled, the Web server returns an "Access Forbidden" error message.
  • IIS searches for the default documents in the order specified in the Default documents search order field and sends user the first available file it finds. If no match is found, IIS behaves as in the cases when the default content page is disabled.
  • Select the Enable anonymous access checkbox if you want to make the directory public so that web users could access it without authentication.
  • Select the Require SSL checkbox to enable SSL-only access to the folder.

Click OK to submit your changes.

Managing Web Directory Permissions

Plesk allows setting up permissions for a web directory; this way you control what types of actions different uses can perform with the directory. To manage permissions of the current web directory, click the Permissions button on the General tab. The following page will open:

Plesk protect 03.gif
  • When setting permissions for folders: using the appropriate checkboxes, allow or disallow users to view the folder and its contents, to create files within the directory, and to traverse the directory. You can also select appropriate checkboxes in All Actions column if you want to allow or deny all operations for the given user/user group.
  • When setting permissions for files: using the checkboxes, allow or disallow users to read and write to the file, and define permissions for file execution. You can also select appropriate checkboxes in All Actions column if you want to allow or deny all operations for the given user/user group.

Select the Show additional users checkbox for users with non-defined access rights to be shown in the list, so that you could grant them appropriate rights.

Click OK to submit your changes or click Cancel to discard all changes and return to the previous page.

Managing MIME Types

To set up MIME types for the current web directory, go to the MIME Types tab. The following screen will appear:

Plesk protect 04.gif

Multipurpose Internet Mail Exchange (MIME) types instruct a Web browser or mail application how to handle files received from a server. For example, when a Web browser requests an item on a server, it also requests the MIME type of the object. Some MIME types, like graphics, can be displayed inside the browser. Others, such as word processing documents, require an external helper application to be displayed.

When a web server delivers a Web page to a client Web browser, it also sends the MIME type of the data it is sending. If there is an attached or embedded file in a specific format, IIS also tells the client application the MIME type of the embedded or attached file. The client application then knows how to process or display the data being received from IIS.

IIS can only operate files of registered MIME types. These types could be defined both on the global IIS level and on the domain or virtual directory level. Note that globally defined MIME types are inherited by all the domains and virtual directories while ones defined on the domain or virtual directory level are used only for the area where they are defined. Otherwise, if the web server receives request for a file with unregistered MIME type, it returns the 404.3 (Not Found) error.

To add a new MIME type, click on the corresponding icon. To edit an existing type, click on its name in the list at the bottom of page. The following screen will appear:

Plesk protect 05.gif

In the Extension box, type the file name extension beginning with a dot (.), or use a wildcard (*) to serve all files regardless of file name extension.

Specify the file content type in the Content box. You can either select the appropriate value from the list or define a new content type. To do this, select Custom... and enter the content type in the input box provided.

Click OK to submit your choice.

Managing Custom Error Documents

Plesk allows managing error documents sent to clients in cases of web server errors. The error codes are standardized in the HTTP protocol. For each error type you can either leave the default error document or replace it with the custom one.

To set up custom error documents, go to the Error Docs tab. The following screen appears:

Plesk protect 06.gif

The changes made on this screen affect only the current directory and all of its subdirectories.

All HTTP errors for which you can change the error page are listed in the Error docs list. To view the current settings for an error or change them, click on the error's name or number. The Edit Error Document page will open where you can change the default error document for the chosen type of error to your own one.

Plesk protect 07.gif

The Error label contains the standard error number along with its description.

The Type drop-down list contains two items: Default and File. When it is set to Default, the default IIS documents are used and the Location field below is inactive. To force server to show your page instead of the default one for the selected error type, select the File option in the Type drop-down field and type the name of the desired HTML document in the corresponding field. The error documents should lie in the errordocs directory and the Location field should only contain the name of document, e.g. 404.html. Managing Protected URLs

Plesk allows setting protection on a URL for a web directory, which means the URL will be accessible only by users allowed to do so. You can protect both physical and virtual folders. To manage URL protection of the current directory, go to the Protection tab. The following screen will appear:

Plesk protect 08.gif

To protect the URL for the current directory, press the Protect button. Now you can start adding users which will have access to it. To do this, press the Add New User button. A new screen will open where you will have to specify new user's name and password. When the user tries to access the protected URL via browser, a window opens where user should enter his/her name and password.

Click the Preferences button to set up the current protected URL's settings.

The list at the bottom of page shows all users which have permission to access the URL. You can click on user's name to change its password.

If you want to disable URL protection for the current directory, press the Remove protection button.