php run as fastcgi , deny from all is ignored in .htaccess

[nethubonline]

Version: 11.0.9 CentOS 6 110120608.16

While PHP support run as FastCGI application, the .htaccess works with rewrite, AuthUserFile...etc., however "deny from all" doesn't work quite well.

If .htaccess contains "deny from all" only, all files except *.php will get 403 error , however *.php will still be shown without any blocking. I checked http://kb.parallels.com/en/124 , but seems it is for Plesk 8.x & 9.x version only, even I apply these setting to version 11, the problem still persists.

May I know whether it is normal case for PHP run as FastCGI? is there any solution to prevent it? Because users expect "deny from all" would deny all access, while web data is leaked out to internet, it is too late that users ask for the solution at this time. Yeah, we know the case but end-users will not understand about this.

 

[LinqLOL]

Ye plain stupid this bug still exists (http://forum.parallels.com/showthre...OT-block-php-and-pl-files&p=644997#post644997) :-(
I have posted a fix: http://forum.parallels.com/showthre...taccess-and-deny-from-fix&p=645004#post645004

 

[nethubonline]

Thanks LingLOL, this solution works!!! (although it should be fixed by Parallels in new patch, but at least it can be temp solution.)

Hope Parallels realize it is simple and major security "concept"