Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED MultiPHP INI Editor exposing PHP version 7.2

Discussion in 'Security' started by bloatedstoat, Jun 13, 2018.

  1. bloatedstoat

    bloatedstoat Well-Known Member

    Joined:
    Jun 14, 2012
    Messages:
    133
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Victoria, Australia
    cPanel Access Level:
    Root Administrator
    Hi,

    In all of our PHP versions I have expose_php set to off in the php.ini files.

    However; there is no option to modify PHPv7.2 within the MultiPHP INI Editor, it's not listed for me. The highest listed in the drop down is ea-php71.

    I checked a few sites on our server that use this version and the PHP version is being exposed in the X-Powered-By header ( X-Powered-By => PHP/7.2.6 )

    Code:
    HTTP/1.1 200 OK =>
    Date => Thu, 14 Jun 2018 00:43:00 GMT
    Server => Apache
    X-Powered-By => PHP/7.2.6
    Expires => Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control => no-store, no-cache, must-revalidate
    Pragma => no-cache
    Vary => Accept-Encoding,User-Agent
    Connection => close
    Content-Type => text/html; charset=UTF-8
    Can someone advise why I have no ea-php72 in my MultiPHP INI Editor drop down so I can turn expose_php to off for this version.

    Thanks.

    We're using CLOUDLINUX 6.9 standard v70.0.48 with CageFS
     
  2. bloatedstoat

    bloatedstoat Well-Known Member

    Joined:
    Jun 14, 2012
    Messages:
    133
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Victoria, Australia
    cPanel Access Level:
    Root Administrator
    Okay sussed this one out.

    We use Cloudlinux with CageFS. There is an alt-php72 in the MultiPHP INI editor drop down, I edited this file and set expose_php to Off and ran cagefsctl --force-update.

    PHP version is no longer being exposed in the headers. So this one is solved.

    Thank you.
     
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,888
    Likes Received:
    90
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,
    Check the easyapache 4 section and verify if required version of PHP is installed or not. If it is installed, try reinstalling it..
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. bloatedstoat

    bloatedstoat Well-Known Member

    Joined:
    Jun 14, 2012
    Messages:
    133
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Victoria, Australia
    cPanel Access Level:
    Root Administrator
    Thanks for the reply; 7.2 is deployed on the server and sites are running under that version successfully.
    I found in the drop down there are 'alt' php versions up to and including 7.2. So it is installed and I was able to (as per response to my own thread) modify the ini file and turn expose_php to off.
    The ea-php72 is not showing in the drop down - alt-php72 is.
    Cheers.
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    275
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @bloatedstoat

    I'm glad you found the resolution for the issue! It does sound like you have only alt-php 7.2 installed on the server not ea-php72 - this is totally fine and you shouldn't need to make any changes since you've resolved the issue but would explain why it's not present in the drop-down.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice