Plesk open_basedir

By Paulus, 26 February, 2010

PHP's open_basedir setting restricts the files a script can open to the specified directories. This setting can only be modified in an httpd.conf file or in php.ini.

When specifying more than one directory to be accessible by PHP scripts, separate them with a semicolon on Windows and a colon on all other systems. It's also important to note that each entry in open_basedir is actually a prefix, not a directory name. For example:

open_basedir = "/home/user/public_html/a"

This will also allow access to all directories in public_html whose names begin with 'a'.

open_basedir = "/home/user/public_html/a/"

With the trailing slash, only files in the 'a' directory of public_html will be accessible to the PHP script.

To implement the open_basedir restriction on a Plesk system, you must be root, because only root can run websrvmng to update Plesk. Instead of placing open_basedir in php.ini or httpd.conf, you can add your overrides to the files vhost.conf and vhost_ssl.conf, which are located in the /var/www/vhosts/example.com/conf directory. When connecting to a site using https, vhost_ssl.conf is read instead of vhost.conf, regardless of whether there is an SSL certificate or not.

  1. Create or modify /var/www/vhosts/example.com/conf/vhost.conf by adding the following:
    <Directory /var/www/vhosts/example.com/httpdocs>
    php_admin_value open_basedir "/var/www/vhosts/example.com/httpdocs/:/var/www/vhosts/example.com/httpdocs/:files/:/tmp/"
    </Directory>
  2. DO NOT edit the httpd.include.conf file. The following command, which updates Plesk, will wipe out all changes made to it:
    /usr/local/psa/admin/sbin/websrvmng -a

If you wish to restrict directory access within subdomains, follow the above process but modify the files within the subdomain's folder (/var/www/vhosts/example.com/subdomains/sub_domain_name/).
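
The following check is an added example, not part of the original post or of Plesk. It lints a vhost.conf-style open_basedir value for the mistakes discussed above (no trailing slash, relative or duplicate entries, missing closing quote) and uses a simplified prefix comparison, as the article describes it, to show what an entry without a trailing slash lets through. The function names, the sample configuration and the probe path are constructed for illustration, and Unix-style paths with a colon separator are assumed.

```python
import re

# Matches: php_admin_value open_basedir "<value>". The closing quote is
# optional so an unterminated value is reported instead of silently skipped.
DIRECTIVE = re.compile(r'php_admin_value\s+open_basedir\s+"([^"\n]*)("?)')

def is_allowed(path, entries):
    """Simplified model: prefix comparison, as the article describes it."""
    return any(path.startswith(e) for e in entries)

def lint_open_basedir(conf_text, sep=":"):
    """Return (entries, findings) for the first open_basedir directive."""
    m = DIRECTIVE.search(conf_text)
    if not m:
        return [], ["no php_admin_value open_basedir directive found"]
    findings = []
    if not m.group(2):
        findings.append("value is missing its closing quote")
    entries = [e for e in m.group(1).split(sep) if e]
    seen = set()
    for e in entries:
        if e in seen:
            findings.append(f"duplicate entry: {e}")
        seen.add(e)
        if not e.startswith("/"):
            findings.append(f"relative entry: {e}")
        if not e.endswith("/"):
            findings.append(f"no trailing slash, matches as a prefix: {e}")
    return entries, findings

# Constructed sample vhost.conf content (not taken from a real system).
SAMPLE = '''<Directory /var/www/vhosts/example.com/httpdocs>
php_admin_value open_basedir "/var/www/vhosts/example.com/httpdocs:/tmp/"
</Directory>'''

if __name__ == "__main__":
    entries, findings = lint_open_basedir(SAMPLE)
    for finding in findings:
        print("WARN:", finding)
    # Constructed sibling directory that shares the "httpdocs" prefix.
    probe = "/var/www/vhosts/example.com/httpdocs_backup/db.sql"
    print(probe, "allowed:", is_allowed(probe, entries))
```

Pass `sep=";"` for a value written for Windows; the relative-entry check assumes Unix-style absolute paths.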

 

If you modified open_basedir within php.ini, then Apache must be restarted.