• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

¿How disable PHP execution in certain directories with plesk?

P

pintalabios

New Pleskian
Hi

I have a plesk 12.5 on CentOS 6.7 (Final)

I am using Plesk Panel

I want to disable PHP execution in certain directories of a website

I tried some things like 1 and 2

1) INSIDE Additional Directives for Apache for the Domain directory selected

<Directory "/var/www/vhosts/MY_DOMAIN/httpdocs/MY_DIRECTORY">
Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off

</Directory>

and is not working

2) INSIDE Additional Directives for php, for the Domain selected

[PATH=/var/www/vhosts/MY_DOMAIN/httpdocs/MY_DIRECTORY]
engine = off

and is not working either

NOTE: The only that is working is

<filesmatch ".(htaccess|htpasswd|ini|php|fla|psd|log|sh|pl|py|html|jsp|asp|shtml|htm|cgi)$">
Order Allow,Deny
Deny from all
</filesmatch>

BUT I DON'T WANT ONLY THIS

Thanks for suggestions ^_^
 
I just wonder what is the purpose for disabling PHP in some folders and allowing in others?
 
Hi

I was recently hacked in a website :(

One hacker put a backdor within an image that had php code inside

look that

YOU MUST secure all directories when a user can upload images or another file.

Search in google "image Exif backdoor" for more info

This is why i search to NO ALLOW php or execution of another language how pyton ... on some directories ;)

Best
 
You must log in or register to reply here.

Similar threads

L
Issue Apache 2.4 Problem
Replies
10
Views
3K
Maarten
M
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
7
Views
6K
grizlyadams
G
IronDonDon
Plesk+LiteSpeedENT+WP Tookit rules
Replies
0
Views
2K
IronDonDon
IronDonDon
blueberry
Resolved Location regex does not work in Additional Nginx directives
Replies
5
Views
5K
Sameer Sam
S
AdrianC
Issue Download prompt instead of processing PHP code, after creating an Alias
Replies
1
Views
1K
AdrianC
AdrianC
Back
Top