To isolate sites in shared hosting environments, you can apply a server-wide security policy. The policy enforces execution of PHP scripts through FastCGI handlers and prohibits Panel users from switching on insecure hosting features and options.
You can set the policy to prohibit the Panel users from changing the following hosting options:
To set up and apply the policy:
site_isolation_settings.ini located in the /usr/local/psa/admin/conf/ directory on Linux systems, and %plesk_dir%\admin\conf\ on Windows systems, where %plesk_dir% is an environment variable for the Parallels Plesk Panel installation directory on Windows systems. The file contains the following predefined entries:
;php = any
;php_handler_type = fastcgi
;python = off
;perl = off
;fastcgi = any
;miva = off
;ssi = any
;ssl = on
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = on
;coldfusion = off
On means that an option should be switched on, off means switched off, and any means that an option is not restricted.
You can uncomment the corresponding lines by removing the semicolons (;) and use the predefined values, or use custom settings for the policy. The policy settings can take the following values:
php = on | off | any
php_handler_type = (Unix: module | Windows: isapi) | fastcgi | cgi | any
python = on | off | any
perl = on | off | any
fastcgi = on | off | any
miva = on | off | any
ssi = on | off | any
ssl = on | off | any
shell = (Unix: <string> Windows: on | off) | any
asp = on | off | any
asp_dot_net = on | off | any
php_safe_mode = on | off | any
coldfusion = on | off | any
write_modify = on | off | any
iis_app_pool = on | off | any
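An added example (not Plesk's own tooling): a small Python check that reads the contents of site_isolation_settings.ini and reports which options the policy actually enforces, which remain unrestricted (still commented out, absent, or set to any), and which lines do not match the values listed above. The sample file contents are constructed, and comparing values exactly as they are spelled in the list above is an assumption about how the Panel reads the file.

```python
# Added example: audit site_isolation_settings.ini against the documented values.
ON_OFF_ANY = {"on", "off", "any"}
ALLOWED = {key: ON_OFF_ANY for key in (
    "php", "python", "perl", "fastcgi", "miva", "ssi", "ssl", "asp",
    "asp_dot_net", "php_safe_mode", "coldfusion", "write_modify", "iis_app_pool")}
ALLOWED["php_handler_type"] = {"module", "isapi", "fastcgi", "cgi", "any"}
ALLOWED["shell"] = None  # Unix: a shell path string; Windows: on | off; or any

# Constructed sample: some lines uncommented, one bad value, one misspelled key.
SAMPLE = """\
;php = any
php_handler_type = fastcgi
python = off
perl = off
;fastcgi = any
ssi = any
ssl = on
shell = /usr/local/psa/bin/chrootsh
php_safe_mode = yes
coldfsion = off
"""


def audit_policy(text):
    """Return (enforced, unrestricted, problems) for the policy file contents."""
    enforced, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank or still commented out: not part of the policy
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or key not in ALLOWED:
            problems.append(f"line {lineno}: unknown or malformed entry {line!r}")
            continue
        allowed = ALLOWED[key]
        # Assumption: values must be spelled exactly as in the documented list.
        if not value or (allowed is not None and value not in allowed):
            problems.append(f"line {lineno}: invalid value {value!r} for {key}")
            continue
        if value != "any":  # "any" means the option is not restricted
            enforced[key] = value
    unrestricted = sorted(set(ALLOWED) - set(enforced))
    return enforced, unrestricted, problems


if __name__ == "__main__":
    enforced, unrestricted, problems = audit_policy(SAMPLE)
    print("enforced:", enforced)
    print("unrestricted:", unrestricted)
    print("problems:", problems)
```

A misspelled key or an unrecognized value shows up under problems, and the intended option stays in the unrestricted list, which is the case worth catching before relying on the policy.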
If the Hosting settings management permission is granted, but the permission Setup of potentially insecure hosting web scripting options that override provider's policy is not, users will be able to change only the hosting options that are not restricted by the server-wide security policy. If both of these permissions are granted, users will be able to change all available hosting options, regardless of the security policy. When a Panel user who is allowed to override the security policy uses the Control Panel to change an option restricted by the policy, the Panel warns them and asks them to confirm the operation.
If you want to allow a specific user to override the policy, go to Subscriptions > subscription name > Customize > Permissions tab, and select the option Setup of potentially insecure hosting web scripting options that override provider's policy.
If you want to allow all users subscribed to a service plan to override the policy, go to Service Plans > plan name > Permissions tab, or Service Plans > Reseller Plans > plan name > Permissions tab, and select the option Setup of potentially insecure hosting web scripting options that override provider's policy.