• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

be careful! serious possible bug

S

sebgonzes

Silver Pleskian
We have found what appear an serious bug with apache mpm-event (Centos7 with plesk 12.5 MU21)...
If apache is configurated as this, the php5 case is disabled and can't be activated. Well, if you configurate an domain with nginx + php-fpm, you access to http://www.domain.com and all work, in the next time, try to change the url with http://www.domain.com:7080 (apache port) and... php file are downloaded (work also with wp-config.php for exemple) !

Can anyone try it in some other plesk 12.5 server?

If you configure apache with prefork, you can check the php5 checkbox, and problem not appear....
 
I don't have that problem but I also have my firewall configured to block all ports expect the ports that are actually being used so port 7080 is blocked by IPTables. It's always good practice to drop packets going to unused ports too so you can avoid issues like that. (btw I'm using Plesk's Firewall so manage my firewall rules too)
 
scsa20 said:
I don't have that problem but I also have my firewall configured to block all ports expect the ports that are actually being used so port 7080 is blocked by IPTables.
Click to expand...
I enabled the virtuozzo container firewall with a "deny-all" policy. I had to allow input destination ports 7080-7081 to get the web server working.
Should those ports be allowed to "any" or would just 127.0.0.1 work?
 
Well, in our case we can't block this port because we discover the bug in an complex website, that require nginx + php-fpm with specific rewrite rules for the principal website, but also have 2 wordpress in subfolder, that we redirect to apache and 7080 port with our proper .htaccess.
Can someone reproduce the problem? I think, if it's not a config error in our case (I don't think so), it's very critical things... an hacker can obtain any php files....
 
I already have an open ticket for this, mpm-event and no mod_php. Tried to use the Alias function of apache, which doesn't work at all, .php files are downloaded. If you re-enable mod_php, this works.
 
Meanwhile i found out for myself, but also the ticket cleared some things up. As per default in Plesk 12.5 (fresh install) mod_php is disabled and can only be re-enabled if you change to MPM to Prefork. As per default mod_php is disabled you have to configure a php-handler yourself, in the vhost.conf for example. Since this information is only found in a KB Article from odin, i asked the plesk team to include this into the admin documentation and maybe have a hint in the gui when configuring anything php-related that is outside of the normal document root. Hopefully they will do this. I even would prefer adding an automatic php-handler if using php outside of document root.
 
You must log in or register to reply here.

Similar threads

M
Resolved Missing HTTP_HOST causes incorrect URL generation in WP Toolkit
Replies
12
Views
2K
Maarten
M
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
3K
NewGate
N
K
Question Need advice on best PHP/Apache settings for best performance
Replies
3
Views
4K
Cike76
C
F
Issue Php cannot interpretate/read pages... downloading pages
Replies
9
Views
1K
tkalfaoglu
tkalfaoglu
H
Resolved Nginx + non "plain" Wordpress Permalinks error.
2
Replies
22
Views
15K
tomandersen
T
Back
Top