• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Configuring server-wide security policy. PHP Version and Handler

Daniel West

Daniel West

New Pleskian
I'm getting an alert when I set my PHP version of PHP handler.
"There are settings that conflict with the server-wide security policy. Are you sure you want to continue?"

I can continue, but I'd like to adjust the server-wide policy to allow any PHP version that is installed - additionally the handler types show up as a problem.

This is my site_isolation_settings.ini
Code: 
;; The section describes allowed hosting options

[hosting]
php = any
php_handler_type = fastcgi
;python = off
;perl = off
;fastcgi = any
;miva = off
;ssi = any
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = on
;coldfusion = off

I've also attach a screenshot of the error, my settings that are causing this warning to show.

My permissions are set so "Setup of potentially insecure web scripting options that override provider's policy" is Off.

Is this a bug or am I missing something? Thanks in advance.
 

Attachments

  • Screen Shot 2017-01-13 at 11.36.50.png
    Screen Shot 2017-01-13 at 11.36.50.png
    51.4 KB · Views: 15
  • Screen Shot 2017-01-13 at 11.37.15.png
    Screen Shot 2017-01-13 at 11.37.15.png
    12.1 KB · Views: 13
Last edited:
Thanks IgorG. What is it that makes that version of PHP insecure? By change the option "Setup of potentially insecure web scripting options that override provider's policy" to On dies that simply mean the user themselves will be able to select any option that I've permitted in the site_isolation_settings.ini or does it give them permissions that they really shouldn't have?

Also, I imagine the warning is there for a reason - what is it about the later versions of PHP that make them potentially insecure?

Sorry for all the additional questions - I'd just like to try and understand these security messages as fully as possible instead of simply changing an option without knowing if there are any other negative effects.
 
You must log in or register to reply here.

Similar threads

Jan Bludau
Input For security reasons: Turn off outputting PHP Version and also Webserver Version
Replies
0
Views
835
Jan Bludau
Jan Bludau
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
623
NewGate
N
Stergios G
Resolved Error: Unable to retrieve information about the PHP configuration
Replies
2
Views
9K
Stergios G
Stergios G
KonstantinosP
Resolved Disabling an extension from one custom PHP handler will disable the same extension on all others, too
Replies
5
Views
2K
KonstantinosP
KonstantinosP
O
Forwarded to devs Service Plans: Conflicts with the server-wide security policy on PHP 8.0 change
Replies
3
Views
1K
IgorG
IgorG
Back
Top