Issue PHP files are downloaded instead of executing

[p0se]

Hello,

I have a problem with a domain of a customer
The Link is https://www.vaperzpoint-shop.de/

When I try to open the link, the browser downloads a file

I have already searched for the error and tried the following
PHP pages are downloaded if PHP-FPM is used
PHP files are downloaded instead of executing

also i tryed plesk repair

It happens at all settings

• CGI Apache
• FastCGI Apache
• FPM Apache
• FPM nginx

PHP 7.0.31

when i use a Browser who has the side in his cache, everything works fine.

The Customer has a secon homepage with exactly the same settings. But without any problems.

 

[sebgonzes]

Are you sure the php is active in your subscription setting? can you join us an screenshot?

 

[sebgonzes]

Also check you .htaccess if you have on created in your hosting.

 

[p0se]

Imgur

.htaccess

<IfModule mod_rewrite.c>
RewriteEngine on

#RewriteBase /shopware/

# Https config for the backend
#RewriteCond %{HTTPS} !=on
#RewriteRule backend/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule shopware.dll shopware.php
RewriteRule files/documents/.* engine [NC,L]
RewriteRule backend/media/(.*) media/$1 [NC,L]

RewriteCond %{REQUEST_URI} !(\/(engine|files|templates|themes|web)\/)
RewriteCond %{REQUEST_URI} !(\/media\/(archive|banner|image|music|pdf|unknown|video)\/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ shopware.php [PT,L,QSA]

# Fix missing authorization-header on fast_cgi installations
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

<IfModule mod_alias.c>
    # Block access to VCS directories
    RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$)

    # Restrict access to root folder files
    RedirectMatch 404 /(composer\.(json|lock)|README\.md|UPGRADE\.md)$
</IfModule>

# Staging environment
#SetEnvIf Host "staging.test.shopware.in" SHOPWARE_ENV=staging

# Development environment
#SetEnvIf Host "dev.shopware.in" SHOPWARE_ENV=dev
#SetEnv SHOPWARE_ENV dev

DirectoryIndex index.html
DirectoryIndex index.php
DirectoryIndex shopware.php

# Disables download of configuration
<Files ~ "\.(tpl|yml|ini)$">
    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
          Require all denied
    </IfModule>

    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</Files>

# Enable gzip compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/plain text/css text/javascript application/javascript application/json application/font-woff application/font-woff2 image/svg+xml
</IfModule>

<Files ~ "\.(jpe?g|png|gif|css|js|woff|eot)$">
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </IfModule>

    <IfModule mod_headers.c>
        Header append Cache-Control "public"
        Header unset ETag
    </IfModule>

    FileETag None
</Files>

# Match generated files like:
# 1429684458_t22_s1.css
# 1429684458_t22_s1.js
<FilesMatch "([0-9]{10})_(.+)\.(js|css)$">
    <ifModule mod_headers.c>
        Header set Cache-Control "max-age=31536000, public"
    </ifModule>

    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 1 year"
    </IfModule>
</FilesMatch>

# Disables auto directory index
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

<IfModule mod_php5.c>
#  php_value memory_limit 256M
#  php_value max_execution_time 120
#  php_value upload_max_filesize 20M
   php_flag phar.readonly off
   php_flag magic_quotes_gpc off
   php_flag session.auto_start off
   php_flag suhosin.session.cryptua off
   php_flag zend.ze1_compatibility_mode off
   php_value always_populate_raw_post_data -1
</IfModule>

#   AddType x-mapp-php5 .php
#   AddHandler x-mapp-php5 .php

<IfModule mod_headers.c>
    Header append X-Frame-Options SAMEORIGIN
</IfModule>

The second page of the customer which is also a shop has the same .htaccess and works.

 

[sebgonzes]

Imgur

it seem stange. Nothing in your .htaccess? The phpinfo link work from plesk? The problem is with all php version or only php7?

 

[p0se]

Yes, the phpinfo link works.

I have tried it with the following PHP versions.

• 7.0.31
• 7.1.21
• 7.2.7 by os vendor

The same problem everywhere

 

[sebgonzes]

Yes, the phpinfo link works.

I have tried it with the following PHP versions.

• 7.0.31
• 7.1.21
• 7.2.7 by os vendor

The same problem everywhere

Can you post your /var/www/vhosts/system/vaperzpoint-shop.de/conf/httpd.conf file content?

 

[sebgonzes]

Can you post your /var/www/vhosts/system/vaperzpoint-shop.de/conf/httpd.conf file content?

Recomand you to delete during the test, the htaccess, to be sure that is not some of the cause of problem.

 

[p0se]

the httpd.conf has more than 10000 characters so I had to upload it....

httpd.conf

I renamed the htaccess for the test.

 

[p0se]

I found something in the error log.

[Wed Sep 12 12:45:36.133628 2018] [autoindex:error] [pid 15016] [client 131.234.xxxx.xxxx:54534] AH01276: Cannot serve directory /var/www/vhosts/maikai-gmbh.de/httpdocs/vaperzpoint-shop.de/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive

I think that has something to do with this!?

 

[p0se]

Okay, now I don't understand anything....

when i go to https://www.vaperzpoint-shop.de/ the browser downloading a file.
when i got to Basen/Shots i can visit the site an the normal link ist working again.

when i delete my cache, i got the error befor

 

[p0se]

I have edited and controlled the hosting settings. Since then, under Vaperzpoint Shop i got the Plesk Error page.

 

[p0se]

I have now disabled nginx caching.
Now the page works again.

but this is not necessarily the right solution. I have a second identical online shop with nginx caching on. It runs without any problems.

 

[Jan Bludau]

i had the same issue.

my problem was solved by reinstall mod_security (was uninstalled, but was normally installed).
A Strange behaviour is that in my chrome 85 profil that i use for work shows the download php file instead of executing it.
in my incognito mode everythink works as expected. *strange*

close your browser after changes (!)