• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

site_isolation_settings for php_handler_type are ignored

T

Thomas Becker

Basic Pleskian
Hello,
On a server which was running for years now and was updated from plesk 10 to plesk 11 and also to plesk 12 (12.0.18 Update #29) there seems to be a bug.

Customers are able to change PHP handler while in site_isolation_settings.ini it is not allowed:
php_handler_type = fastcgi

PSA service was restarted too:
/etc/init.d/psa restart

This is a serious issue because customers should not be able to change PHP handler type.

EDIT:
Only abonnements created with older Plesk versions are affected. I cannot say which version exactly because server had installed Plesk 10, 11 and 12. What do we have to modify to disallow changing the PHP handler type for this abonnements created with Plesk versions befor Plesk 12?

Thanks.
Thomas
 
Last edited:
I have forwarded this issue to developers for investigation. They have informed me that they can't reproduce this problem. So, you can provide us detailed step-by-step instruction for reproducing or contact Parallels Support Team.
 
Hello IgorG,
thanks for your reply.
I noted that this problem accours also on other Plesk 12 servers and also with new abonnements that are definitely created with Plesk 12.
I will do some further tests to find out under which circumstances this happens.
Please provide contact information of Support Team. Thanks.
 
Source of the problem are the service plan add-ons.

When you create a new add-on under permissions tab the option "Setup of potentially insecure web scripting options that override provider's policy" is greyed out but the option is checked by default.
As the option is greyed out the administrator thought that the option is not active. I do strongly recommend to uncheck such important option like "Setup of potentially insecure web scripting options that override provider's policy" by default. Could you please forward this to developers?
 
Thank you for details. I have forwarded them to developers. I will keep this thread updated with results as soon as I receive them.
 
You must log in or register to reply here.

Similar threads

S
Issue SMTP/Qmail stop working suddenly without any cause
Replies
3
Views
425
Stephen_Stephen
S
Daveo
Forwarded to devs Process List shows RAM 100% & Hard Disk Usage shows 4x ramfs disks
Replies
6
Views
491
Peter Debik
P
K
Issue Undefined array key "by_time"
Replies
1
Views
538
Peter Debik
P
andreios
Resolved PHP FPM 8.2.17 is not accurately checking cached files for changes
Replies
3
Views
6K
andreios
andreios
W
Resolved Nextcloud installation and scheduled tasks throw "Php handler does not exists"
Replies
7
Views
1K
Peter Debik
P
Back
Top