Apache SetHandler error on saving Virtualmin features and plugins

Hi all,
Second post-installation question.

Just installed the Virtualmin module into my Webmin. First thing I want to do is disable BIND DNS and mail (for now). However …

… when I click save I get
“Failed to save enabled features : Apache configuration file /etc/apache2/mods-enabled/php5.conf contains SetHandler lines that prevent PHP from running with domain owner permissions. These lines must be removed.”

I’m trying to be security conscious here so would appreciate a little help on giving Virtualmin the minimum privileges it needs in order to do what it does. My current php5.conf has these FilesMatch entries

As far as I understand it, this directive channels requests for PHP files via to PHP engine.

SetHandler application/x-httpd-php

Not sure what this one is doing

SetHandler application/x-httpd-php-source Deny access to raw php sources by default To re-enable it's recommended to enable access to the files only in specific virtual host or directory Order Deny,Allow Deny from all

Comment seems self-explanatory
Deny access to files without filename (e.g. ‘.php’)

Order Deny,Allow Deny from all

Has anyone got two minutes to give me a steer on what these entries are currently doing and how I should give Virtualmin the necessary minimum privileges. Looks like my issue is with the second block, right?



You normally don’t need either of those SetHandler lines.

They cause Apache to override any other settings, and to process incoming PHP requests using mod_php.

By default, Virtualmin comments out those lines during installation (note – are you by chance using a non-standard PHP version? That’s usually the cause for the error you’re seeing, as a third-party PHP version can install it’s own config overtop the Virtualmin-modified one)

When those are commented out, you would then be able to control how PHP is processed within your individual domains. By default, they will use FCGID, which is both speedy, and secure, as they are run with the rights of the Virtual Server owner.

But, you can also change it by going into Server Configuration -> Website Options, and there you can change the PHP Execution Mode.


Thank you for the reply. I don’t think there’s anything particularly funky about my PHP installation. It was an out-of the box script on Digital Ocean. Top section of phpinfo() is like this:

PHP Version 5.5.9-1ubuntu4

System Linux web1.appliedweb.net 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 Build Date Apr 9 2014 17:08:00 Server API Apache 2.0 Handler Virtual Directory Support disabled Configuration File (php.ini) Path /etc/php5/apache2 Loaded Configuration File /etc/php5/apache2/php.ini Scan this dir for additional .ini files /etc/php5/apache2/conf.d Additional .ini files parsed /etc/php5/apache2/conf.d/05-opcache.ini, /etc/php5/apache2/conf.d/10-pdo.ini, /etc/php5/apache2/conf.d/20-gd.ini, /etc/php5/apache2/conf.d/20-json.ini, /etc/php5/apache2/conf.d/20-mysql.ini, /etc/php5/apache2/conf.d/20-mysqli.ini, /etc/php5/apache2/conf.d/20-pdo_mysql.ini, /etc/php5/apache2/conf.d/20-phalcon.ini, /etc/php5/apache2/conf.d/20-readline.ini PHP API 20121113 PHP Extension 20121212 Zend Extension 220121212 Zend Extension Build API220121212,NTS PHP Extension Build API20121212,NTS Debug Build no Thread Safety disabled Zend Signal Handling disabled Zend Memory Manager enabled Zend Multibyte Support provided by mbstring IPv6 Support enabled DTrace Support enabled Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk

I’ve been out of the PHP saddle for about five years and am returning from the ASP.NET wilderness, so my eye is not yet back in :(.

I’ll try just commenting out those SetHandlers and see if that sorts it. … and then do a security audit before we go live …

Thanks again for your help. Much appreciated.


Yup, that’s the correct PHP version for Ubuntu 14.04.

When running the install.sh, those SetHandler lines are normally commented out. It’s possible that didn’t work for some reason though.

It’s safe to comment out those lines though, the configuration within each individual VirtualHost block in Apache will handle the PHP processing for your domains.