To isolate sites in shared hosting environments, you can apply a server-wide security policy. The policy enforces execution of PHP scripts through FastCGI handlers and prohibits Panel users from switching on insecure hosting features and options.
You can set the policy to prohibit the Panel users from changing the following hosting options:
To set up and apply the policy:
/usr/local/psa/admin/conf/directory on Linux systems, and
%plesk_dir%\admin\conf\on Windows systems, where
%plesk_dir%is an environment variable for the Parallels Plesk Panel installation directory on Windows systems.
The file contains the following predefined entries:
;php = any
;php_handler_type = fastcgi
;python = off
;perl = off
;fastcgi = any
;miva = off
;ssi = any
;ssl = on
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = on
;coldfusion = off
On means that an option should be switched on, off means switched off, and any means that an option is not restricted.
You can uncomment the corresponding lines by removing the semicolons (;) and use the predefined values, or use custom settings for the policy. The policy settings can take the following values:
php = on | off | any
php_handler_type = (Unix
: module | Windows:
| fastcgi | cgi | any
python = on | off | any
perl = on | off | any
fastcgi = on | off | any
miva = on | off | any
ssi = on | off | any
ssl = on | off | any
shell = (Unix: <string> Windows:
on | off) | any
asp = on | off | any
asp_dot_net = on | off | any
php_safe_mode = on | off | any
coldfusion = on | off | any
write_modify = on | off | any
iis_app_pool = on | off | any
If the Hosting settings management permission is granted, but the permission Setup of potentially insecure hosting web scripting options that override provider's policy is not, the users will be able to change only the hosting options that are not restricted by the server-wide security policy. If these both permissions are granted, the users will be able to change all available hosting options, regardless of the security policy. When a Panel user, who is allowed to override the security policy, changes through the Control Panel an option restricted by the policy, the Panel warns them about that and asks to confirm the operation.
If you want to allow a specific user to override the policy, go to Subscriptions > subscription name > Customize > Permissions tab, and select the option Setup of potentially insecure hosting web scripting options that override provider's policy.
If you want to allow all users subscribed to a service plan to override the policy, go to Service Plans > plan name > Permissions tab, or Service Plans > Reseller Plans > plan name > Permissions tab, and select the option Setup of potentially insecure hosting web scripting options that override provider's policy.
Please send us your feedback on this help page.