• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

site_isolation_settings for php_handler_type are ignored

T

Thomas Becker

Basic Pleskian
Hello,
On a server which was running for years now and was updated from plesk 10 to plesk 11 and also to plesk 12 (12.0.18 Update #29) there seems to be a bug.

Customers are able to change PHP handler while in site_isolation_settings.ini it is not allowed:
php_handler_type = fastcgi

PSA service was restarted too:
/etc/init.d/psa restart

This is a serious issue because customers should not be able to change PHP handler type.

EDIT:
Only abonnements created with older Plesk versions are affected. I cannot say which version exactly because server had installed Plesk 10, 11 and 12. What do we have to modify to disallow changing the PHP handler type for this abonnements created with Plesk versions befor Plesk 12?

Thanks.
Thomas
 
Last edited:
I have forwarded this issue to developers for investigation. They have informed me that they can't reproduce this problem. So, you can provide us detailed step-by-step instruction for reproducing or contact Parallels Support Team.
 
Hello IgorG,
thanks for your reply.
I noted that this problem accours also on other Plesk 12 servers and also with new abonnements that are definitely created with Plesk 12.
I will do some further tests to find out under which circumstances this happens.
Please provide contact information of Support Team. Thanks.
 
Source of the problem are the service plan add-ons.

When you create a new add-on under permissions tab the option "Setup of potentially insecure web scripting options that override provider's policy" is greyed out but the option is checked by default.
As the option is greyed out the administrator thought that the option is not active. I do strongly recommend to uncheck such important option like "Setup of potentially insecure web scripting options that override provider's policy" by default. Could you please forward this to developers?
 
Thank you for details. I have forwarded them to developers. I will keep this thread updated with results as soon as I receive them.
 
You must log in or register to reply here.

Similar threads

F
Issue PHP suddenly crashes
Replies
12
Views
6K
FloLa
F
Manuel Kuhn
Issue Problems from debian 10 to 12
Replies
2
Views
547
Sebahat.hadzhi
Sebahat.hadzhi
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
702
NewGate
N
S
Issue SMTP/Qmail stop working suddenly without any cause
Replies
3
Views
1K
Stephen_Stephen
S
learning_curve
Question Roundcube 1.6.7 is on PHP 8.2 but, Obsidian 18.0.61 is on PHP 8.3 - Why the delay in moving Roundcube on to PHP 8.3?
Replies
8
Views
1K
Kaspar
K
Back
Top