• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Bug in site isolation settings in Plesk 11.5 (IMPORTANT)

T

Thomas Becker

Basic Pleskian
---------------------------------------------------------------
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
11.5.30 Update #2, CentOS 6.4 (Final) x64

PROBLEM DESCRIPTION
Site isolation settings don’t have any effect.

STEPS TO REPRODUCE
Configure the following in site_isolation_settings.ini:

php = on
php_handler_type = fastcgi

Create a service plan without the permission for "Setup of potentially insecure web scripting options that override provider's policy".
Create a customer with subscription and assign the service plan.

ACTUAL RESULT
The customer is able to switch between “CGI-Application”, FastCGI-Application and “Apache-Module”.

EXPECTED RESULT
Customer should not have the permissions to switch the "PHP support".

ANY ADDITIONAL INFORMATION

--------------------------------------------------------------
 
Last edited:
I can't reproduce it. I have created file /usr/local/psa/admin/conf/site_isolation_settings.ini with content:

php = on
php_handler_type = fastcgi

and created corresponding Service Plan. Then I created customer with subscription based on this Service Plan. When customer login to Plesk he can't change php_handler in hosting settings.
 
Thanks Igor,
I checked it again. Now the site isolation settings seem to have an effect. I guess there was a bugfix in an MU after 11.5.30 #2.
 
Solution see this post:
http://talk.plesk.com/threads/site_isolation_settings-for-php_handler_type-are-ignored.330315/

Source of the problem are the service plan add-ons.
When you create a new add-on under permissions tab the option "Setup of potentially insecure web scripting options that override provider's policy" is greyed out but the option is checked by default.
As the option is greyed out the administrator may can think that the option is not active but it is.
 
You must log in or register to reply here.

Similar threads

H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
563
Raul A.
R
brother4
Question Optimizing PHP FPM Handler Settings for Apache and Nginx in Plesk
Replies
0
Views
1K
brother4
brother4
Hangover2
Forwarded to devs Disabled PHP "Hosting performance settings management" can be bypassed by using .user.ini or ini_set()
Replies
9
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
3K
NewGate
N
M
When you create/edit a Service Plan, disabled PHP-handlers show up on the PHP-settings page
Replies
2
Views
1K
Peter Debik
P
Back
Top