Time to bring this one up again: When is CW going to introduce change management and involve their customers? Pro-active communication ?

Last weekend a new ‘security feature’ on the application level was ‘introduced’ called ‘Direct PHP File Access’. No email communication about it. Not even a Top-Right-Corner present announcing it. No, just throw it in production and to make sure it really breaks a lot (especially ajax calls) turn the setting by default on disabled.

I understand it could be a good filter but:

a) design it with options that would be useful. E.g. same origin site calls are a configurable exception. People that write ajax calls know how to make them not directly accessible.

b) do not change a setting by default as the first deployment. Introduce the feature with the setting that provides the same practical effect. Then communicate. Then change the default.

c) Start using email communications to your technical contacts. Every other provider out there does this …

This feature was introduced on or right after the 18th … and ZERO comms about it. I guess nobody uses PHP …

It broke two of my customers sites. Just offline with a weird message.
Scared the customer.

Website Unavailable

The website you are trying to reach is unavailable because it use security service to prevent unauthorized access and online attack.

Support agent stated:
“This is a new security feature that is recently added to avoid domain mapping attacks on the websites so server will not serve a website if the domain name is not present in the Nginx domain relevant file”

Exactly. And the support agent confirms the point: They just added it no communications to their customers. Self centered, internally focussed and not picking up on the feedback. If we as customers have to figure this stuff out by chance we might as well go AWS (they actually have good comms).

Is there a solution from Cloudways?

P.S. Doublechecked all the settings in dashboard. My Primary domain just vanished. Added it again and now everything looks fine. For now. CW - nice job

For anyone else having this issue, in your cloudways hosting account:

• Choose the application experiencing the error message
• Choose ‘Domain Management’
• Make sure ‘primary domain’ value is set, if it IS, (as it was in my case), change it and change it back - I added the www. to mine then went back to my preferred domain name without the www. That fixed it for me. VERY frustrating to hear from the client that the site is down - no notification as to this configuration change - and still to find the site down with this issue, no Knowledge Base article or any info on the subject besides this post - so THANK YOU to scott3, admin6 and nick2 for posting this.

Thank you for posting this. This new security feature broke the ticketing system my clients use to contact me, and does not work with the image optimization plugin that I use on most sites. I was having a difficult time figuring out what was going on until I saw this post. Turned off the “Direct PHP Access”, and now everything is working. I agree, it would have been nice to receive some sort of communication on a setting that can easily break stuff.