Adjusting Apache and Nginx Settings

Apache and nginx have certain settings you can customize on the domain level. They are located in Websites & Domains > domain name > Apache & nginx Settings. These settings are divided into two groups:

  • Common Apache settings
  • nginx settings

    apache

 
Configuring MIME Types

MIME types match file extensions with file types to instruct web browsers how to handle certain types of files. For example, the following MIME type

text/plain .txt

instructs the web browser to process all .txt files as plain text. By default, most common MIME types are already preconfigured. However, if you find that the pages of your website cannot be properly processed by web browsers because you use files with non-standard extensions, you need to configure one or more custom MIME types.

To configure custom MIME types:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Under MIME types, select the Enter custom value radio button.
  3. Type in or delete the desired MIME types, and click OK.
 
Configuring Apache Handlers

Apache handlers instruct the web server how to process files with specific extensions. For example, the following handler

cgi-script .cgi

instructs the web server to treat all .cgi files as cgi scripts. By default, handlers for files with common extensions are already preconfigured. However, if you want to change which handler is used to process files with a specific extension, you need to configure one or more custom handlers.

To configure custom handlers:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Under Handlers, select the Enter custom value radio button.
  3. Type in or delete the desired handlers, and click OK.
 
Denying Access to the Website

You can prevent certain visitors from accessing your website. You can deny access to:

  • Individual IP addresses (for example, 192.168.1.110)
  • Subnets of IP addresses (for example, 127.0.0.1/8)
  • Specific host names (for example, example.com)
  • Everyone (by using an asterisk "*" character )

Blocked visitors will receive a "403 Forbidden" error message when trying to browse your website.

To configure access to your website:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Under Deny access to the site, select the Enter custom value radio button.
  3. Type in or delete the desired IP addresses, subnets, or hostnames.
  4. If you blocked a subnet, but would like to allow one or more IP addresses belonging to it to access your website, type them in the Excluding field.
  5. Click OK.
 
Configuring Index Files

Whenever a visitor to your website browses a URL requesting a directory instead of a specific file (for example, www.example.com or www.example.com/example instead of www.example.com/index.html), Apache looks for an index file to display. By default, Apache looks for the following files (in the order specified):

  1. index.html
  2. index.cgi
  3. index.pl
  4. index.php
  5. index.xhtml
  6. index.htm
  7. index.shtml

If all seven files were to be present in a directory, a visitor browsing it would be served the index.html file. If index.html were to be missing, Apache would look for the index.cgi file instead, and so on. If no suitable index file is found, by default, a "403 Forbidden" error is displayed.

Plesk allows you to customize what index files Apache looks for whenever a visitor browses a directory on your website:

  • You can change the order in which Apache looks for index files (for example, you may want it to display the index.php file by default instead of index.html).
  • You can add index file names to the list, or remove them (for example, if your website's default page is named hello.php, you can have Apache serve it by default).

To configure the index files:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Under Index files, select the Enter custom value radio button.
  3. Type in or delete the desired names of index files in the order in which Apache should look for them, and click OK.
 
Configuring the "Expires" Header

The Apache expires header governs how long web browsers can keep cached copies of your web content before requesting it again from the server. Configuring this header can decrease the server load and speed up your website.

For example, you set the expiration period to 10 days. A visitor browses your website, requesting its index.html page. The visitor's web browser stores a copy of the page in its cache, and for the next 10 days it would serve the cached copy every time the visitor browses your website. On the eleventh day, if the page is requested again, the browser would request the page again from the server, because the one it stores in the cache is past its expiration date.

When configuring the expires header for websites featuring dynamic content, we recommend enabling the response with Expires headers for static files only option. Otherwise, all content, including dynamic content, will be stored in the visitors' browsers' cache for the duration of the expiration period. This is not recommended, because the dynamic content is, as a rule, updated frequently.

To configure the "Expires" header:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Under Expires, select the Enter custom value radio button.
  3. Specify the desired expiration period (the recommended length of the expiration period is 14 days).
  4. If your website features dynamic content, make sure that the response with Expires headers for static files only checkbox is selected.
  5. Click OK.

Note: If nginx is enabled, only files served by Apache will have the expires header. If the Smart static files processing checkbox is selected, which files are treated as static is determined by the Apache and nginx default configurations. If the Serve static files directly by nginx checkbox is selected and any file extensions are specified, nginx only serves the files with the specified extensions.

 
Configuring Additional Headers

You can configure additional headers to HTTP responses according to the following pattern:

Name : Value

HTTP response headers contain information about the requested page to instruct web browsers to perform various actions. For example, the following header will protect the visitors to your website against clickjacking:

X-Frame-Options: DENY

To configure additional headers:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Under Additional headers, select the Enter custom value radio button.
  3. Type in or delete the desired handlers, and click OK.
 
Restricting the Ability to Follow Symbolic Links

By default, Apache is allowed to follow symbolic links. If your website does not use symbolic links, we recommend disabling this option as it presents a minor security risk.

To forbid Apache from following symbolic link:

  1. Go to Websites & Domains > Apache & nginx Settings.
  2. Select the Restrict the ability to follow symbolic links checkbox and, and click OK.
 

Leave your feedback on this topic here

If you have questions or need support, please visit the Plesk forum or contact your hosting provider.
The comments below are for feedback on the documentation only. No timely answers or help will be provided.