• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Prevent PHP-FPM to execute .php? files

Pascal_Netenvie

Regular Pleskian
Server operating system version
Debian 11.7
Plesk version and microupdate number
18.0.52
Hi,
For security reasons i want to prevent PHP-FPM to execute file with extension php3|php4|php5|php7|php8 etc ...
Actually these files are executed.
How can i disable this please ?
 
In a one-liner in .htaccess for example:
RewriteRule ^your-directory/.*\.(php3|php4|php5|php7|php8)$ - [F,L,NC]
With your-directory = the start path to the files, this can also be just /.* or .*
 
Ok but there is no way to put this rule in apache server configuration ?
I have my own configuration file in /etc/apache2/conf-enabled/ and i added following lines in it but it seems to not work :

Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule \.(php3|php4|php5|php7|php8)$ - [F,L,NC]
</IfModule>
 
Ok finally i used this and it work perfect :

Code:
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
<FilesMatch "\.(php3|php4|php5|php7|php8)$">
Require all denied
</FilesMatch>
</IfModule>
</IfModule>
 
And finally i changed it to :


Code:
<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
    <FilesMatch "\.(php.)$">
      Require all denied
    </FilesMatch>
  </IfModule>
</IfModule>
 
Back
Top