In this section, we will describe general Plesk server settings. These settings include a set of parameters related to statistics and miscellaneous options such as server-wide permissions for customers. To change the general server settings, go to Tools & Settings > Server Settings (under “General Settings”).

image 74995

Statistics Options

You can configure the following statistics-related options:

  • “Retain web and traffic statistics for”

    Here you set the period for which the server will store web statistics and traffic statistics gathered by Webalizer or AWstats programs. By default, Plesk keeps the data for the last three months.

  • “Include in the disk space usage calculation”

    Here you select object types that Plesk will take into account when calculating disk space usage.

  • (Plesk for Linux) “When calculating disk space usage, count”

    This option lets you define how Plesk will count the disk space used by each object: by its size or amount of used disk space. For information on how exactly Plesk calculates disk space usage, see the section About Disk Space Usage Calculation.

  • “Include in the traffic calculation”

    Here you select what types of traffic Plesk will count when calculating traffic: inbound, outbound, or both of them.

Miscellaneous Options

In addition to the settings related to statistics, you can edit the following settings:

  • “Full hostname”

    The host name of the Plesk server.

  • “Forbid users to create DNS subzones in other users’ DNS superzones”

    When a customer creates a domain, they can specify not only the second-level domain names (like example.com) but also third- and lower levels of domain names, for example, doc.example.com. When a customer creates doc.example.com and the original domain name, example.com, was created by another customer, the system will not allow creating such a subdomain if the corresponding option is selected.

    We recommend that you select this option. Otherwise, users will be able to create fake subdomains and set up websites and email accounts which could be used for spamming or even phishing or identity theft.

  • “Forbid customers to change the name of their system user”

    When you add a subscription for a hosting customer, you specify a name of a system user associated with this subscription. On behalf of this user, the customer accesses the server over FTP or SSH, works with the file system, and so on.

    By default, customers are allowed to change the names of system users associated with their subscriptions. Use this option to prevent customers from modifying these names.

    Note: This option works only for customers who are not granted the Hosting Management permission. This permission enables customers to modify the name of the system user even if the option is selected.

  • “Forbid customers and resellers to change their main domain name”

    Plesk creates the main domain of a subscription and the subscription at the same time. The main domain name matches the subscription name. You can prohibit customers and resellers from changing their main domain name by selecting the corresponding setting. The selected setting does not prevent you or additional Plesk administrators from changing names of customers’ and resellers’ subscriptions.

  • “Preferred domain for websites”

IP Address Anonymization and Log Rotation

Under GDPR, IP addresses are considered to be personal data. To protect your customers’ and resellers’ data and to make your server GDPR compliant, you can do the following:

  • Anonymize IP addresses in web statistics and mail logs.
  • Force daily log rotation for all domains and service plans.

image rotation and anonymization

The IP address anonymization feature works differently in Plesk for Linux and Windows:

  • (Plesk for Linux) The feature sets the last octet of IPv4 and the last group of IPv6 addresses to zeros. Plesk anonymizes IP addresses only during log rotation and only in the following logs:
    • /var/log/httpd/*
    • /var/log/nginx/*
    • /var/log/maillog
    • /var/log/fail2ban.log
    • /var/log/modsec_audit.log
    • /var/www/vhosts/*/logs/*
  • (Plesk for Windows) The feature disables logging of customers’ and resellers’ IP addresses in IIS, FTP, and mail logs. IP addresses anonymization works when the corresponding option is enabled regardless of log rotation.

Enabled log rotation ensures that personal data in logs are stored no longer than necessary (see Article 5 (1)(e) of GDPR).

Log rotation automatically deletes log files older than the specified date. The server-wide log rotation settings overwrite those for particular domains and service plans (existing and future ones). In Plesk for Linux, log rotation affects the following logs:

  • /var/log/nginx/*
  • /var/log/maillog
  • /var/www/vhosts/*/logs/*
  • /var/log/plesk/xferlog.processed
  • /var/log/fail2ban.log
  • /var/log/modsec_audit.log

To make your server GDPR compliant:

  1. Go to Tools & Settings > Server Settings (under “General Settings”).
  2. Select “Anonymize IP addresses during log rotation and collecting of web statistics” (Plesk for Linux) or “Disable IP logging in IIS, FTP and mail logs” (Plesk for Windows).
  3. Select “Force daily log rotation for all domains” and keep “7” in the number of days log files are stored. It is not recommended to store log files longer than seven days.
  4. Click OK.