• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Configuring server-wide security policy. PHP Version and Handler

Daniel West

New Pleskian
I'm getting an alert when I set my PHP version of PHP handler.
"There are settings that conflict with the server-wide security policy. Are you sure you want to continue?"

I can continue, but I'd like to adjust the server-wide policy to allow any PHP version that is installed - additionally the handler types show up as a problem.

This is my site_isolation_settings.ini
Code:
;; The section describes allowed hosting options

[hosting]
php = any
php_handler_type = fastcgi
;python = off
;perl = off
;fastcgi = any
;miva = off
;ssi = any
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = on
;coldfusion = off

I've also attach a screenshot of the error, my settings that are causing this warning to show.

My permissions are set so "Setup of potentially insecure web scripting options that override provider's policy" is Off.

Is this a bug or am I missing something? Thanks in advance.
 

Attachments

  • Screen Shot 2017-01-13 at 11.36.50.png
    Screen Shot 2017-01-13 at 11.36.50.png
    51.4 KB · Views: 15
  • Screen Shot 2017-01-13 at 11.37.15.png
    Screen Shot 2017-01-13 at 11.37.15.png
    12.1 KB · Views: 13
Last edited:
Thanks IgorG. What is it that makes that version of PHP insecure? By change the option "Setup of potentially insecure web scripting options that override provider's policy" to On dies that simply mean the user themselves will be able to select any option that I've permitted in the site_isolation_settings.ini or does it give them permissions that they really shouldn't have?

Also, I imagine the warning is there for a reason - what is it about the later versions of PHP that make them potentially insecure?

Sorry for all the additional questions - I'd just like to try and understand these security messages as fully as possible instead of simply changing an option without knowing if there are any other negative effects.
 
Back
Top