Php7 not running when viewing files through ip address instead of domain

rembem (Verified User, joined Nov 21, 2018, 7 messages)
I have the following problem with php7 and Custombuild2:

In Custombuild (v2.0.0, rev: 1950) I have selected:
php1_release: 5.6
php1_mode: php-fpm
php2_release: 7.2
php2_mode: mod_php

And rebuilt php and apache of course.

When I select php7 for a user in DirectAdmin, all is fine when I view web pages of that user through the domain name, e.g.

http://domain.com/test.php

But when I view the same page by IP address, like this:

http://185.33.xxx.xxx/~testuser/test.php

Then php is not parsed as php. Worse, I see the php code, so php does not seem to be running. Database passwords, etc. are all in the open when viewing the website through IP address.

This only happens when php7 is selected by the user. Not when php5.6 is selected.

What I already tried:
- I already updated all software and rebuilt php, apache etc. through the Custombuild panel.
- tried various combinations in the user for php5.6 and php7, switched them, both php7 etc.

I have seen this option in Custombuild: 'userdir_access'. I could set that to 'no' and rebuild. But it is set to 'yes' because I want to be able to keep accessing files this way, which works fine in php5.6.

Is this a Custombuild bug? Or am I overlooking something? Any help is appreciated.

Screenshot of my Custombuild settings:

https://cl.ly/cedb60988960
 
Update: works with php7 as php-fpm

Some new info on this:

The above issue happens when I have set:
php1: php5.6 php-fpm
php2: to php7.2 mod_php.

I tried with switched settings:
php1: php5.6 mod_php
php2: php7.2 php-fpm
and rebuilt php and apache.

Now the problem is gone: accessing files through ip address works as expected.
I am fine with this setting, so I can move on.

But, I am still wondering:
- Is this normal/expected behaviour? It seems dangerous that php code and possibly database passwords are unknowingly exposed when choosing php7 mod_php in a user.
- Is this a Custombuild bug?
- Or is something off on my VPS that I am not aware of?

If anyone can shed light on what might be happening, that would be highly appreciated.

The hosting company I rent this VPS from has no idea why this happens.
 
Thank you, I did contact Directadmin support. The answer was very helpful:

Thank you for the report! php2_mode=mod_php should never be set. I've added a check to CB 2.0 rev. 1958, so that it would error if the setting is detected in the options.conf file.

So Php2 should not be set to mod_php, although this is currently still certainly possible, and it's the state in which I received my VPS from the hosting provider I rent it from.
Glad it will be checked from rev. 1958.
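
An added example, not part of the original posts and not CustomBuild's own check: a small audit an administrator could run for the condition described in this thread. It assumes options.conf holds key=value lines and that the caller supplies the file path; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not CustomBuild's own check. Assumes options.conf holds
# key=value lines; the file path is supplied by the caller.

# Print the value of key $2 from file $1 (last assignment wins, comments ignored).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 and print a finding if php2_mode is mod_php; return 1 otherwise.
check_options() {
    mode=$(conf_get "$1" php2_mode)
    userdir=$(conf_get "$1" userdir_access)
    if [ "$mode" = "mod_php" ]; then
        echo "FINDING: php2_mode=mod_php, userdir_access=${userdir:-unset}"
        return 0
    fi
    echo "OK: php2_mode=${mode:-unset}"
    return 1
}

# Return 0 if the saved HTTP response body in file $1 contains raw PHP open tags,
# i.e. the server sent the source instead of executing it.
body_leaks_php() {
    grep -qF -e '<?php' -e '<?=' "$1"
}

# Demo on constructed sample data (not taken from a real server).
demo() {
    tmp=$(mktemp -d)
    printf 'php1_mode=php-fpm\nphp2_mode=mod_php\nuserdir_access=yes\n' > "$tmp/options.conf"
    printf '<?php $db_pass = "example"; ?>\n' > "$tmp/body.txt"
    check_options "$tmp/options.conf" || true
    if body_leaks_php "$tmp/body.txt"; then echo "FINDING: PHP source returned unparsed"; fi
    rm -rf "$tmp"
}
demo
```

To test a live site, save the response for both the domain URL and the IP/~user URL of a test page on your own server (for example with `curl -s -o body.txt <url>`) and pass each file to `body_leaks_php`.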
 