• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved SetEnv website configuration unable to get value in cgi

Pascal M.

New Pleskian
Server operating system version
Ubuntu 18.04.2 LTS
Plesk version and microupdate number
Obsidian 18.0.52
Hello,

we use script language in cgi-bin mode.
The scripts receive all Apache variables such as HTTP_REFERER, SERVER_NAME, ... but not environment variables such as LC_CTYPE.
Does anybody knows the reason please ?

Even if we define "SetEnv myvar "myvalue"" in section "Apache/Nginx" / Directives supplémentaires pour HTTPS

Our server is a dedicated server running Apache 2.4 and we have approximately 30 website concerned by the subject.

Tnak's in advance for your advices.
 
For security reasons 'suexec' in Plesk passes only the following environment variables to CGI scripts:

"AUTH_TYPE",
"CONTENT_LENGTH",
"CONTENT_TYPE",
"DATE_GMT",
"DATE_LOCAL",
"DOCUMENT_NAME",
"DOCUMENT_PATH_INFO",
"DOCUMENT_ROOT",
"DOCUMENT_URI",
"FILEPATH_INFO",
"GATEWAY_INTERFACE",
"LAST_MODIFIED",
"PATH_INFO",
"PATH_TRANSLATED",
"QUERY_STRING",
"QUERY_STRING_UNESCAPED",
"REMOTE_ADDR",
"REMOTE_HOST",
"REMOTE_IDENT",
"REMOTE_PORT",
"REMOTE_USER",
"REDIRECT_QUERY_STRING",
"REDIRECT_STATUS",
"REDIRECT_URL",
"REQUEST_METHOD",
"REQUEST_URI",
"SCRIPT_FILENAME",
"SCRIPT_NAME",
"SCRIPT_URI",
"SCRIPT_URL",
"SERVER_ADMIN",
"SERVER_NAME",
"SERVER_ADDR",
"SERVER_PORT",
"SERVER_PROTOCOL",
"SERVER_SOFTWARE",
"UNIQUE_ID",
"USER_NAME",
"TZ",
"FPEXE",
"FPUID",
"FPGID",
"FPFD",
+ HTTP_*, HTTPS_*, SSL_*

Unfortunately this cannot be redefined. You can find more information about suexec at http://httpd.apache.org/docs/2.0/suexec.html .
 
Thank you for your rapid and exhaustive response.
Unfortunatly, the LC_CTYPE is mandatory to execute tolower and toupper C function.
The cgi-bin script must receive this environment variable to run correctly and convert lower and upper letters.
It seems that this point has been forgotten by devs ?
How can we fix that point in a secure way ? Maybe by add LC_CTYPE in the liste of suexec filter ?
I dont't know how to manage this point otherway.

Have a nice day.
 
I think that the "this cannot be redefined" should mean that it is not possible to add entries. But I am open to ideas, it could be helpful for other users if someone here knows more.
 
Meanwhile, we use database connect to convert lower or upper character using LC_CTYPE got by MariaDB.
Thank for your help.
 
Back
Top