• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

site_isolation_settings for php_handler_type are ignored

T

Thomas Becker

Basic Pleskian
Hello,
On a server which was running for years now and was updated from plesk 10 to plesk 11 and also to plesk 12 (12.0.18 Update #29) there seems to be a bug.

Customers are able to change PHP handler while in site_isolation_settings.ini it is not allowed:
php_handler_type = fastcgi

PSA service was restarted too:
/etc/init.d/psa restart

This is a serious issue because customers should not be able to change PHP handler type.

EDIT:
Only abonnements created with older Plesk versions are affected. I cannot say which version exactly because server had installed Plesk 10, 11 and 12. What do we have to modify to disallow changing the PHP handler type for this abonnements created with Plesk versions befor Plesk 12?

Thanks.
Thomas
 
Last edited:
I have forwarded this issue to developers for investigation. They have informed me that they can't reproduce this problem. So, you can provide us detailed step-by-step instruction for reproducing or contact Parallels Support Team.
 
Hello IgorG,
thanks for your reply.
I noted that this problem accours also on other Plesk 12 servers and also with new abonnements that are definitely created with Plesk 12.
I will do some further tests to find out under which circumstances this happens.
Please provide contact information of Support Team. Thanks.
 
Source of the problem are the service plan add-ons.

When you create a new add-on under permissions tab the option "Setup of potentially insecure web scripting options that override provider's policy" is greyed out but the option is checked by default.
As the option is greyed out the administrator thought that the option is not active. I do strongly recommend to uncheck such important option like "Setup of potentially insecure web scripting options that override provider's policy" by default. Could you please forward this to developers?
 
Thank you for details. I have forwarded them to developers. I will keep this thread updated with results as soon as I receive them.
 
You must log in or register to reply here.

Similar threads

NateWon
Question Composer and default PHP version
Replies
1
Views
327
Kaspar
K
V
Resolved Roundcube config.local.php not read
Replies
3
Views
829
Visnet
V
K
Question Disable Plesk login link
Replies
1
Views
585
Sebahat.hadzhi
Sebahat.hadzhi
Manuel Kuhn
Issue Problems from debian 10 to 12
Replies
2
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
F
Issue PHP suddenly crashes
Replies
12
Views
14K
FloLa
F
Back
Top