1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Security problem htaccess and deny from + fix

Discussion in 'Plesk Suggestions and Feedback' started by LinqLOL, Oct 23, 2012.

  1. LinqLOL

    LinqLOL Basic Pleskian

    13
    60%
    Joined:
    Aug 4, 2012
    Messages:
    77
    Likes Received:
    1
    Problem:
    When you want to limit access to certain parts of your website (under fcg) and your using .htaccess (deny from all and allow from x.x.x.x). This currently only works for images, html and other non .php pages. php files can still be accessed by anyone! This is because of some stupid bug in the default template of Plesk.

    Code:
    <Files ~ (\.php)>
       SetHandler fcgid-script
      FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
      Options +ExecCGI
      [COLOR="Red"]allow from all[/COLOR]
    </Files> 
    
    This problem is also noted on http://forum.parallels.com/showthread.php?p=644997#post644997

    FIX

    The commands below will fix this problem. It is possible this file will be replaced in future versions. Don't blame me! It would
    better if Plesk fixes this.

    Code:
    sed -i '/allow from all/d' /usr/local/psa/admin/conf/templates/default/service/php_over_cgi.php
    sed -i '/allow from all/d' /usr/local/psa/admin/conf/templates/default/service/php_over_fastcgi.php
    /usr/local/psa/admin/sbin/httpdmng --reconfigure-all
    
     
Loading...