Disable PHP

How can you disable PHP or other scripting in a template?

I expect some support, as I have paid you know.

Grts Bart

Sorry for the slow reply. This one slipped by me.

In the Server Template(s) that you’d like to have no script execution privileges, you’d browse to the Apache website section, and in the field labeled “Directives and settings for new websites” you’d do the following:

Remove the ScriptAlias line (which allows CGI scripts to run from cgi-bin).

Remove the AllowOverride All line, possibly replacing it with another variant of AllowOverride that doesn’t include Options, since ExecCGI is one of the options that it makes possible. AuthConfig is the most important one for most users.

Make sure you’ve disabled mod_php and use only mod_fcgid (we recommend this, anyway, and will make it the default during install in the not too distant future). You can do that by commenting out everything in /etc/httpd/conf.d/php*.conf on Red Hat based systems or using a2dismod on Debian/Ubuntu.

Finally, turn off “Automatically add appropriate SuExec directive?” and “Allow editing of PHP configuration?”. And, of course, you’ll obviously want to leave off the Install Scripts option, as well (in the Default owner limits page), and setting of PHP versions.

I believe that’ll do it, though we might also need to add:

RemoveHandler .php
RemoveHandler .php4

To the Apache directives, if those handlers are springing into existence somewhere outside the control of Virtualmin (which they do in mod_php).

If you need mod_php to be enabled for some sites, you can use the "php_value engine off" option within the Apache directives.

BTW-This is probably more complicated than it needs to be. We’ve just never had anyone ask to be able to completely disable scripts before, so we’ve never made it easier.

I’ll file a bug in the tracker, and this will probably be much easier in 3.49 (3.48 is nearly ready to enter QC, so it won’t make it into that one).

Thx for your reply, I will try it. The ‘disabled scripting’ option is for my much cheaper hosting packages.
But it sounds good that you gone implant a option for that in virtualmin.

I don’t know what I am doing wrong but disabling mod_php doesn’ work. If I disable it the pages get an error 500, but nothing in error_log, strange?!?

I found it. I had .htaccess files in my home dirs with something like ‘php_value…’ Removed the files and it works like a charm. The disable mod_php.
Now I can test the ‘disable script’ stuff