How to: Restrict use of Perl, CGI and insecure Scripting

sshWith Plesk 12 you can create a “preset” which limits the type of scripting that can be assigned by your clients. This can help with the problem where you do not allow Perl or CGI but your Reseller clients can create service plans that allow these restricted services.

To prevent this from occurring, you can create presets which will not allow your clients to override these scripting options.

The file you need to edit

nano /usr/local/psa/admin/conf/site_isolation_settings.ini

In general, your PHP will always be switched on. Your PHP should be handled by FastCGI (for performance and security). Set Perl and CGI to “off” as follows

; The section describes allowed hosting options
php = on
php_handler_type = fastcgi
python = off
perl = off
cgi = off;
;fastcgi = any
;miva = off
;ssi = any
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = off
coldfusion = off

You can easily restore the original configuration files whenever required

cp /usr/local/psa/admin/conf/site_isolation_settings.ini.default /usr/local/psa/admin/conf/site_isolation_settings.ini

As a Plesk 12 admin, you can override these settings for any subscription. This simply eliminates these scripting options from showing as options to your clients.

Was this helpful?