Filed with Developers Disabling PHP for an account or reseller [Case 51859]

[bsasninja]

Please add a function to WHM for disabling PHP support to a specific account.

As we can disable CGI and FrontPage Extensions at the moment of creating an account, it will be wonderfull to have a checkbox deactivate PHP also.

Thanks a lot!

Diego

[deanstev]

I also think this would be a good idea

[SarcNBit]

Then you should log it into <<Removed reference to old feature request system>> as an enhancement.

[s_2_s]

feature needed yes why not

[bman]

that would be nice
but how is it done manualy ? edit each account in httpd.conf and remove php from there ?

[nickn]

Change the mime types for the accounts that were to be disabled, make *.php be parsed as *.html...

That's really the only way I could think of.

[richy]

It'll be easy enough for somebody to create a .htaccess of their own with the "proper" PHP settings. You'll also have to disable those directives in the httpd.conf file.

[bsasninja]

I added the following line below DocumentRoot in /scritps/wwwact

php_flag engine off

this will turn off PHP when a account is created in whm.

If you want to give php access to an specific account you must edit httpd.conf and seek for the virtual host you are looking for and delete the php_plag engine off line from it.

Then restart apache

Its very simple is cpanel support team add this to the account creation form in WHM with a check box, if its active then add the line. If not, leave php active.


Enjoy the tip.

Diego

[anup123]

# WWWAcct 9.1 Copyright 1997-2004 cPanel, Inc.
# Modifing this software without permission is a crime.
# cpanel9 - scripts Copyright(c) 1997-2004 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited
# exp $needs rewrite$

I couldn't dare to after reading this

Anup

[sawbuck]

I added the following line below DocumentRoot in /scritps/wwwact
php_flag engine off this will turn off PHP when a account is created in whm.
If you want to give php access to an specific account you must edit httpd.conf and seek for the virtual host you are looking for and delete the php_plag engine off line from it.
Then restart apache
Its very simple is cpanel support team add this to the account creation form in WHM with a check box, if its active then add the line. If not, leave php active.
Enjoy the tip. Diego

Would appreciate a comment from Nick regarding this especially in light of the copyright on this script.

[mr.wonderful]

# WWWAcct 9.1 Copyright 1997-2004 cPanel, Inc.
# Modifing this software without permission is a crime.
# cpanel9 - scripts Copyright(c) 1997-2004 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited
# exp $needs rewrite$

I couldn't dare to after reading this

Anup

Thats a bloody laugh! Its ok for Cpanel to modify my existing custom installation and break it at times by modifying and updating it, on my own server, for which i pay a license for, but its not ok to modify a script on my box that i may want to customize?

How does this logic work?

[SarcNBit]

I would assume that a properly licensed cPanel server has permission. I think that the idea with that notice is to prevent someone from grabbing the script wholesale and using it as part of a competing product. They could have compiled it (as they have with other functions) if they really didn't want you touching it.

Like sawbuck, I would like to hear an official word on this.

[bsasninja]

Is a bugzilla opened with this, also i send a mail to technical support yesterday. They told me to add this info in the already opened bugzilla.
I hope the resolve this fix soon.

[Datcrack]

There should be an option to disable php alltogether in the packages for normal accounts and reseller accounts. Resellers shouldn't be able to open new hosts with php.

This would be a great feature as not everybody uses the cpu killer php apps. Limiting php could drop the price immensely.

[cPanelTristan]

Hello Datcrack,

Not to take away from the feature request itself, I did want to mention that PHP can be disabled per account using the following type of entries by putting them as an include in /usr/local/apache/conf/userdata/std/2/$user/$domain.com/ location within a file called $includename.conf (where std represents http VirtualHost section, 2 represents Apache 2 or Apache 2.2, $user represents the cPanel username, $domain.com represents the domain name, and $includename.conf represents the name you choose to call the include configuration file).

Method 1:

Code:

php_value engine off

Method 2:

Code:

RemoveType .php .php4 .php5

You would put whatever mime types you want to remove in this second method.

Please note that Method 1 creates blank page for php files. Method 2 creates no mime type so files try to download. You cannot bypass either of these methods in .htaccess file on user's account (AddType is processed before Removetype). Also, AddType in user's .htaccess causes Internal Server Error.

After creating one of the includes, you'd then need to verify the include, check it into the system, backup Apache, rebuild Apache and restart Apache:

Code:

/scripts/verify_vhost_includes
/scripts/ensure_vhost_includes --user=$username
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak110305
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart

You can see documentation on using such includes at the following location:

Changes Contained within a VirtualHost Directive