Articles in this section

mod_perl, mod_python, mod_php Apache modules are not installed by default in a Plesk server

Gilson Siqueira
Updated
kb: how-to Plesk for Linux ABT: Group B

Question

The mod_perl, mod_python, and mod_php Apache modules are not installed/enabled by default. 
Why are they not installed?

Answer

In modern Plesk versions (starting from 12.5), the following changes were implemented regarding Apache modules:

  • mod_perl and mod_python are not included.
  • mod_php is included but is disabled by default (replaced by PHP-FPM).

This configuration is enforced for security reasons.

Why using these Apache modules on shared hosting is insecure

These modules (DSO) run code inside the Apache process. This creates significant risks in a shared hosting environment:

  1. File Security (User Isolation)
    Scripts executed by mod_php, mod_perl, or mod_python run under the apache user, not the subscription's system user. This means scripts from one domain could potentially read sensitive files (confidential data, config files) belonging to other domains hosted on the same server.
  2. Database Security
    Since all users share the same execution user (apache), database connection strings in configuration files are readable by other scripts running on the server. This could lead to hijacked database connections.
  3. Stability and System Compromise
    A vulnerability in the Apache code or a single heavy script can affect the entire web server, causing downtime for all hosted domains.

Recommended Alternatives

To run Perl and Python scripts securely, use the following methods supported by Plesk:

  • FastCGI (Default): By default, Python (`.py`) and Perl (`.pl`) scripts are handled by the mod_fcgid module. This allows them to run under the subscription's system user, ensuring proper isolation.
  • mod_wsgi (Python): For Python web applications (like Django or Flask), use mod_wsgi. It provides a more robust environment than CGI. 
    See: How to configure root directory for WSGI scripts with Plesk
  • Phusion Passenger: If the "Ruby" component is installed, Plesk can also manage Python and Node.js applications via Phusion Passenger.

Note: If an existing legacy application was designed specifically for mod_perl or mod_python, the code may need to be updated to support FastCGI or WSGI standards.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.