IP access restrictions specified in the
.htaccess file do not work properly if the nginx reverse proxy server is enabled. This may cause the following outcomes:
If .htaccess denies access to everyone but selected addresses, error 403 is always displayed.
If .htaccess denies access only to specific IP addresses/networks, visitors from these IPs still can access the website.
Since Plesk 11.5, it is possible to customize web server settings for each domain using the Web Server Settings button (permission Hosting management should be enabled on the subscription). Among available settings are IP/network restrictions.
There is no solution for Plesk 11.0 except manually modifying the global nginx configuration file.
nginx proxies requests to Apache via the "rpaf" module so that in Apache logs, we see the real IP of a site visitor. But in fact, the connection between nginx and Apache is established using local server IP addresses, and Apache applies IP restrictions to local IP addresses.