Since upgrading to virtual-server module version 3.96 i can no longer browse any of my non virtual host sites that use PHP. Instead of the site opening it tries to download the php file. Looking at the change log:
For virtual servers using CGI or fcgid mode for executing PHP, mod_php mode is now forcibly disabled to prevent potential security issues. This is also done for all domains at installation time.
Is there anyway of re-enabling mod_php on the Default Server so I can use those sites again. Virtual Host sites seem unaffected as they are setup to use fcgid mode. I don't have the knowledge to go through all the apache conf files to change from mod_php to fcgid mode.
Sites such as:
192.168.1.10/ocsreports 192.168.1.10/phpmyadmin 192.168.1.10/glpi
Thanks,
David
Howdy,
It doesn't actually disable mod_php, it just makes sure that it's not possible to execute a PHP script using mod_php when that particular Virtual Server is configured to use CGI or FCGID.
You can change how a given Virtual Server executes PHP by going into Server Configuration -> Website Options, and in there you can set the PHP Execution Mode.
Does that by chance help resolve the issue you're seeing, to be able to tweak that setting?
If not -- can you describe what you mean by your "non Virtual Host sites"? I'm not sure I follow what that is exactly. Thanks!
-Eric
under Webmin / Servers/ Apache Webserver I have existing virtual hosts. I can see how to set the PHP options for the virtual hosts by going into virtualmin / Server Configuration / Website options. But where do you go to set this for the Default Server and Virtual Server (Any) [see attachement].
I have a number of sites running under Default Server that are not part of the virtual servers, they just run on the server's IP address (192.168.1.10/site) such as phpmyadmin (192.168.1.10/phpmyadmin) but going to there now after the new update it won't execute the php it just tries to download. I can't see how to make it execute PHP scripts with mod_php for those sites?
Hope that makes sense!
David
We updated our server yesterday and we have the same problem.
mod_php users can access phpmyadmin and roundcube but fcgi users cannot. This is a security issue i think needs te be resolved very quickly. Be sure to move your config.php files as passwords are also downloadable.
Try to remove this line in Apache config added by the update:
php_admin_value engine Off
Removing this line worked! Thanks.
But it's going to be a long night removing it from all the virtual hosts.
What I gonna do (just because I don't know how to do it directly on the server):
With WinSCP, grab the content of the folder /etc/apache2/sites-available
Launch a search/replace in the folder through NotePad++
Put the files back
Thanks!
I found another solution (use at own risk). You should backup/copy your /sites-available's first.
cd /etc/apache2/sites-availablefind . -name "*.conf" -print | xargs sed -i 's/php_admin_value engine Off/#php_admin_value engine Off/g'
I've tried removing all instances of php_admin_value engine Off and I still can't get non virtual hosted sites to work with mod_php.
Did you restart apache2 after your changes?
Stupid question maybe but... have you restarted Apache?
Yep i've restarted apache, still no joy.
Thanks, i've now resolved this. I could only get it to work once i've removed all instances of php_admin_value engine Off from all the virtual hosts not just apache2.conf