• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved SetEnv website configuration unable to get value in cgi

Pascal M.

New Pleskian
Server operating system version
Ubuntu 18.04.2 LTS
Plesk version and microupdate number
Obsidian 18.0.52
Hello,

we use script language in cgi-bin mode.
The scripts receive all Apache variables such as HTTP_REFERER, SERVER_NAME, ... but not environment variables such as LC_CTYPE.
Does anybody knows the reason please ?

Even if we define "SetEnv myvar "myvalue"" in section "Apache/Nginx" / Directives supplémentaires pour HTTPS

Our server is a dedicated server running Apache 2.4 and we have approximately 30 website concerned by the subject.

Tnak's in advance for your advices.
 
For security reasons 'suexec' in Plesk passes only the following environment variables to CGI scripts:

"AUTH_TYPE",
"CONTENT_LENGTH",
"CONTENT_TYPE",
"DATE_GMT",
"DATE_LOCAL",
"DOCUMENT_NAME",
"DOCUMENT_PATH_INFO",
"DOCUMENT_ROOT",
"DOCUMENT_URI",
"FILEPATH_INFO",
"GATEWAY_INTERFACE",
"LAST_MODIFIED",
"PATH_INFO",
"PATH_TRANSLATED",
"QUERY_STRING",
"QUERY_STRING_UNESCAPED",
"REMOTE_ADDR",
"REMOTE_HOST",
"REMOTE_IDENT",
"REMOTE_PORT",
"REMOTE_USER",
"REDIRECT_QUERY_STRING",
"REDIRECT_STATUS",
"REDIRECT_URL",
"REQUEST_METHOD",
"REQUEST_URI",
"SCRIPT_FILENAME",
"SCRIPT_NAME",
"SCRIPT_URI",
"SCRIPT_URL",
"SERVER_ADMIN",
"SERVER_NAME",
"SERVER_ADDR",
"SERVER_PORT",
"SERVER_PROTOCOL",
"SERVER_SOFTWARE",
"UNIQUE_ID",
"USER_NAME",
"TZ",
"FPEXE",
"FPUID",
"FPGID",
"FPFD",
+ HTTP_*, HTTPS_*, SSL_*

Unfortunately this cannot be redefined. You can find more information about suexec at http://httpd.apache.org/docs/2.0/suexec.html .
 
Thank you for your rapid and exhaustive response.
Unfortunatly, the LC_CTYPE is mandatory to execute tolower and toupper C function.
The cgi-bin script must receive this environment variable to run correctly and convert lower and upper letters.
It seems that this point has been forgotten by devs ?
How can we fix that point in a secure way ? Maybe by add LC_CTYPE in the liste of suexec filter ?
I dont't know how to manage this point otherway.

Have a nice day.
 
I think that the "this cannot be redefined" should mean that it is not possible to add entries. But I am open to ideas, it could be helpful for other users if someone here knows more.
 
Meanwhile, we use database connect to convert lower or upper character using LC_CTYPE got by MariaDB.
Thank for your help.
 
Back
Top