• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Is it SAFE to disable open_basedir in dedicated server?

M

Mkting

New Pleskian
Server operating system version
Debian 10
Plesk version and microupdate number
18.0.44
Hello,
I have noticed that the php openbase_dir directive is severely slowing down php execution on my server with various wordpress sites.
By disabling it I noticed a considerable increase to the loading speed of all pages using realpath_cache_size.

Since the server is my own dedicated one with no access from external users, I was wondering how much risk I would be taking by disabling openbase_dir on all sites or at least those with high traffic that need better speeds.

Also I would add that each website has been configured as a "Dedicated FPM application served by nginx", so each website use a separate fpm.

I know it is a directive used to increase security but I understand it is needed more for hosted websites rather than on dedicated servers with limited access.

I have a server with debian 10.5 and plesk 18.0.44
 
Many people and hosting providers still consider this setting a necessary security measure, but that's not exactly true. Even PHP itself officially denies it being useful in a security context: PHP: A Note on Security in PHP
In my opinion, using proper UNIX permissions is the only way to really secure the system, then you can ignore open_basedir completely and thus benefit from the realpath cache.
 
You must log in or register to reply here.

Similar threads

M
Issue How to update PHP open_basedir and/or httpd.conf server wide?
Replies
9
Views
659
MHC_1
M
brother4
Question Optimizing PHP FPM Handler Settings for Apache and Nginx in Plesk
Replies
0
Views
1K
brother4
brother4
J
Issue PHP JIT not enabling with plesk performance booster
Replies
6
Views
3K
JohnWest
J
D
Question How to install PHP 7.3 FPM on AlmaLinux 9?
Replies
2
Views
1K
Raul A.
R
meymigrou
Issue Unable to backup WordPress site in Plesk "Backup created with minor issues occurred"
Replies
3
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top