• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

disable "override provider's policy"

H

HaukeW

Basic Pleskian
Hello,

I disabled "Setup of potentially insecure web scripting options that override provider's policy" in the Permission Section of the Service Plan.
Additionally I disabled "SSI support" in the "Hosting Parameters" Section.

But the User can login and change this setting in his interface!
How can I restrict the the access to some Web Scripting Features.


/usr/local/psa/admin/conf/site_isolation_settings.ini

;; The section describes allowed hosting options
[hosting]
php = any
php_handler_type = fastcgi
python = off
perl = any
fastcgi = any
miva = off
ssi = off
ssl = any
;shell = /usr/local/psa/bin/chrootsh
shell = off
asp = any
php_safe_mode = any
coldfusion = off
Click to expand...
 
Ok when I change the Subscription, the user can't see the disabled Scripting languages but they are still available!

I test it with the Parallels Default Page, where I can open a Perl or SSI Testpage.
 
There is a config file (/usr/local/psa/admin/conf/stie_isolation_settings.ini)
There is a permission ("Allow to override server-wide hosting security restrictions")
Config file specifies the list of allowed values for hosting options.
If the user has no the permission, the user unable to set value that not allowed by config.
 
Like you see in my first post , I found this config file and it seems to work.
When I set "ssi = off and disable "Allow to override server-wide hosting security restrictions", the user can't see perl.

>Thats good<

But he can still use perl scripts! The perl Option is only hidden but not deactivated .
 
Ok found a solution but I dont like it very much. Is it a bug?

It seems that I must first enable "Setup of potentially insecure web scripting options that override provider's policy ",
then go the interface and disable "Perl",
then disable "Setup of potentially insecure web scripting options that override provider's policy " .

Now the User can't use Perl.
 
You must log in or register to reply here.

Similar threads

E
Resolved How can I disable "Dedicated FPM application" but still allow user to change PHP version?
Replies
2
Views
1K
enduser
E
weareimpulse
Resolved AbuseIPDB - spurious network activity from our server to third-party networks
Replies
3
Views
726
weareimpulse
weareimpulse
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
3K
NewGate
N
K
Issue 'PHP handler type' warning when saving a service plan
Replies
0
Views
1K
klowet
K
L
Issue NGINX [emerg] "fastcgi_cache" zone "*****.it_fastcgi" is unknown in /etc/nginx/nginx.conf:41 nginx: configuration file /etc/nginx/nginx.conf
Replies
0
Views
1K
Lorenzo P
L
Back
Top