• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue PHP files are downloaded instead of executing

p0se

Basic Pleskian
Hello,

I have a problem with a domain of a customer
The Link is https://www.vaperzpoint-shop.de/

When I try to open the link, the browser downloads a file

I have already searched for the error and tried the following
PHP pages are downloaded if PHP-FPM is used
PHP files are downloaded instead of executing

also i tryed plesk repair

It happens at all settings
  • CGI Apache
  • FastCGI Apache
  • FPM Apache
  • FPM nginx
PHP 7.0.31

when i use a Browser who has the side in his cache, everything works fine.

The Customer has a secon homepage with exactly the same settings. But without any problems.
 
Last edited:
Imgur

.htaccess

Code:
<IfModule mod_rewrite.c>
RewriteEngine on

#RewriteBase /shopware/

# Https config for the backend
#RewriteCond %{HTTPS} !=on
#RewriteRule backend/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule shopware.dll shopware.php
RewriteRule files/documents/.* engine [NC,L]
RewriteRule backend/media/(.*) media/$1 [NC,L]

RewriteCond %{REQUEST_URI} !(\/(engine|files|templates|themes|web)\/)
RewriteCond %{REQUEST_URI} !(\/media\/(archive|banner|image|music|pdf|unknown|video)\/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ shopware.php [PT,L,QSA]

# Fix missing authorization-header on fast_cgi installations
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule>

<IfModule mod_alias.c>
    # Block access to VCS directories
    RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$)

    # Restrict access to root folder files
    RedirectMatch 404 /(composer\.(json|lock)|README\.md|UPGRADE\.md)$
</IfModule>

# Staging environment
#SetEnvIf Host "staging.test.shopware.in" SHOPWARE_ENV=staging

# Development environment
#SetEnvIf Host "dev.shopware.in" SHOPWARE_ENV=dev
#SetEnv SHOPWARE_ENV dev

DirectoryIndex index.html
DirectoryIndex index.php
DirectoryIndex shopware.php

# Disables download of configuration
<Files ~ "\.(tpl|yml|ini)$">
    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
          Require all denied
    </IfModule>

    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</Files>

# Enable gzip compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/plain text/css text/javascript application/javascript application/json application/font-woff application/font-woff2 image/svg+xml
</IfModule>

<Files ~ "\.(jpe?g|png|gif|css|js|woff|eot)$">
    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
    </IfModule>

    <IfModule mod_headers.c>
        Header append Cache-Control "public"
        Header unset ETag
    </IfModule>

    FileETag None
</Files>

# Match generated files like:
# 1429684458_t22_s1.css
# 1429684458_t22_s1.js
<FilesMatch "([0-9]{10})_(.+)\.(js|css)$">
    <ifModule mod_headers.c>
        Header set Cache-Control "max-age=31536000, public"
    </ifModule>

    <IfModule mod_expires.c>
        ExpiresActive on
        ExpiresDefault "access plus 1 year"
    </IfModule>
</FilesMatch>

# Disables auto directory index
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

<IfModule mod_php5.c>
#  php_value memory_limit 256M
#  php_value max_execution_time 120
#  php_value upload_max_filesize 20M
   php_flag phar.readonly off
   php_flag magic_quotes_gpc off
   php_flag session.auto_start off
   php_flag suhosin.session.cryptua off
   php_flag zend.ze1_compatibility_mode off
   php_value always_populate_raw_post_data -1
</IfModule>

#   AddType x-mapp-php5 .php
#   AddHandler x-mapp-php5 .php

<IfModule mod_headers.c>
    Header append X-Frame-Options SAMEORIGIN
</IfModule>

The second page of the customer which is also a shop has the same .htaccess and works.
 
Yes, the phpinfo link works.

I have tried it with the following PHP versions.
  • 7.0.31
  • 7.1.21
  • 7.2.7 by os vendor
The same problem everywhere
 
I found something in the error log.

Code:
[Wed Sep 12 12:45:36.133628 2018] [autoindex:error] [pid 15016] [client 131.234.xxxx.xxxx:54534] AH01276: Cannot serve directory /var/www/vhosts/maikai-gmbh.de/httpdocs/vaperzpoint-shop.de/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive

I think that has something to do with this!?
 
I have now disabled nginx caching.
Now the page works again.

but this is not necessarily the right solution. I have a second identical online shop with nginx caching on. It runs without any problems.
 
i had the same issue.

my problem was solved by reinstall mod_security (was uninstalled, but was normally installed).
A Strange behaviour is that in my chrome 85 profil that i use for work shows the download php file instead of executing it.
in my incognito mode everythink works as expected. *strange*

close your browser after changes (!)
 
Back
Top