Can I use open_basedir on my server running Parallels Plesk Panel?
Print this Article
Last Updated:
November 17, 2013 12:26 PM
Parallels Plesk Panel 8.0 and above configures the httpd.include file for each domain for overall site security. As such, it enables the open_basedir directive for PHP, so that PHP scripts can only access files located in the '/var/www/vhosts/domain.com/httpdocs/' and '/tmp' directories.
To modify this setting, create a vhost.conf file in your /var/www/vhosts/domain.com/conf/ directory, and enter the following lines:
<Directory /var/www/vhosts/domain.com/httpdocs>
php_admin_value open_basedir /path/you/require:/another/path/you/require
</Directory>
php_admin_value open_basedir /path/you/require:/another/path/you/require
</Directory>
Save this file and enter the command:
/usr/local/psa/admin/sbin/websrvmng -a -v
If you are using Parallels Plesk Panel 10, enter the following command instead:
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
This will update the main httpd.include file to include the new vhost.conf file, and will also gracefully restart the Web service so the changes take effect.
NOTES:
- Make sure to modify the paths as needed for the actual paths on your server and what your scripts require. Although not as secure, if you are unsure of what paths are required for your PHP to execute properly, you can set the restriction to 'no value' replacing the path with 'none':
php_admin_value open_basedir none - Separate all directories with a colon (:). As an Apache module, open_basedir paths from parent directories are now automatically inherited.
- The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls", if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"
- For sites with SSL's, you will also need to create a vhost_ssl.conf in the same manner modifying the paths appropriately based on your settings. For example, if you have not selected the 'Use a single directory for housing SSL and non-SSL content' option in Parallels Plesk Panel under the physical hosting setup, you will need to modify the <directory> path to '/var/www/vhosts/domain.com/httpsdocs' for the open_basedir value to apply properly.