Applicable to:
- Plesk for Linux
Question
PHP shell script was uploaded under the home directory of subscription.
How to prevent filesystem browsing with php shell scripts?
Answer
It's possible to disable shell_exec
and other functions in PHP by using the disable_functions
directive:
Warning: Applications may rely on these functions and may not work properly when restrictions are applied.
-
Login to Plesk
-
Navigate to Domains > example.com > PHP Settings
-
Set the following value to the disable_functions:
CONFIG_TEXT: opcache_get_status,exec,passthru,shell_exec,system,proc_open,popen
Note: To set the restriction to multiple domains at once, this value can be specified in Service Plans > <service_plan> > PHP Settings > disable_functions, or to apply it server-wide, in panel.ini as settings.performance.disable_functions
-
Login to Plesk
-
Navigate to Domains > example.com > PHP Settings
-
Add the following line under Additional configuration directives and apply the changes:
CONFIG_TEXT: disable_functions=opcache_get_status,exec,passthru,shell_exec,system,proc_open,popen
Comments
0 comments
Please sign in to leave a comment.