Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
Notification when trying to enable Web Deploy, change PHP handler for a service plan or when applying changes in Hosting Settings for a domain:
PLESK_INFO: This setting conflicts with the server-wide security policy.
-
Service Plans > [service plan name] > Permission (tab) > Setup of potentially insecure web scripting option or Resellers > reseller_name> customize> Permissions>Setup of potentially insecure web scripting option are disabled.
Cause
Setup of potentially insecure web scripting option is not enabled for a Service/Reseller Plan.
Resolution
-
Go to Service Plans > [service plan name] > Permission (tab) and enable Setup of potentially insecure web scripting option or for Resellers > reseller_name> customize> Permissions and enable Setup of potentially insecure web scripting option if the reseller does not have a service plan.
Warning: Enabling this option is not recommended on shared hosting. It will override server-wide site isolation settings and make non-chrooted shells available for client SSH logins.
Comments
4 comments
Why would changing PHP handler be considered to conflict with the server-wide security policy in all cases?
I can understand a warning if you chose to use mod_php in place of php_fcgi or php-fpm, but I cannot see a reason for the warning when you change from, for example, php_fcgi 5.3 (vendor) to 5.6 php-fpm (Plesk repo).
@Faris,
Hi! The described behavior is under the investigation currently. New info may be added to the article depending on the investigation results.
Was anything found during these 2 years of investigation?
The same warning still exists in Onyx..
Hello @Turgut
This warning is a security one and it's expected behavior.
To avoid this warning, you can enable Setup of potentially insecure web scripting option in the Plesk > Service Plans > [service plan name] > Permission (tab), as is mentioned in the article.
Though on our UserVoice portal there is a suggestion to enable security policy management per subscription instead of server-wide. If this suggestion seems important to you, you can vote for it:
https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/34477117-security-policy-per-subscription
Top-ranked suggestions are likely to be implemented in future versions of Plesk.
Please sign in to leave a comment.