Question

mod_perl, mod_python, mod_php Apache modules are not installed by default.

Why are not they installed?

Answer

Starting from Plesk 12.5, the following changes were made in terms of Apache modules:

• mod_perl and mod_python are not included.

• mod_php still included but disabled by default.

It was done for security reasons.

Why using these Apache modules on shared hosting is insecure:

1. File security.
   mod_php, mod_perl, and mod_python run under the account of Apache server, and therefore scripts executed by these modules can potentially access any user file. For example, files containing highly confidential personal data can be read by a script from another domain.

2. Security of database connections.
   Database connections of other users can be hijacked, and since all users can read each other's code, database usernames and passwords are visible to any user.

3. Potential system compromising.
   Due to security issues in Apache code (it can be resolved by using jails or chroot mechanisms).

Which options to use Perl and Python remain:

1. By default, Python and Perl are handled by FastCGI ( mod_fcgid module).
2. For Python, there is no special binary and, therefore, it has to be done inside the script itself. So it is necessary to add the required code into the .py file or use mod_wsgi (as described in this article).
3. For Python, it is also possible to use the Application server (this option is described in this article ).

4. As an alternative for Python support, consider using mod_wsgi which is part of CentOS and also allows Python apps to run under Apache.

Note: If an application is designed for use with mod_perl or mod_python, updating its code can be required.