How to enable and disable the PHP allow_url_fopen directive?

The "allow_url_fopen" setting is a configuration option in PHP that governs the ability of PHP file functions to retrieve data from remote locations via FTP or HTTP. It is crucial to exercise caution when enabling this option as it poses a significant security risk. It is advisable to avoid enabling it unless absolutely necessary.

The "allow_url_fopen" option in PHP determines whether PHP can retrieve URL objects, such as files. This functionality is typically disabled for security purposes, although certain scripts may require it to work correctly. Users who try to enable or disable this option using the "MultiPHP INI Editor" in cPanel might find that the changes don't affect their scripts or PHP information pages. This article aims to clarify the steps you can take to modify this setting effectively.

It is crucial to understand that PHP imposes certain limitations on the locations where settings can be configured. While many settings can be adjusted in any recognized configuration file, some settings are restricted to system configuration files. The "allow_url_fopen" setting falls into the latter category and can only be defined in a system configuration file.

Regarding the configuration of the "allow_url_fopen" setting, it is important to note that user-defined ini files, which are not system files, will not be considered when this setting is encountered.

Enabling/Disabling allow_url_fopen

To modify this setting, several options are available depending on how you run PHP on your server. It is recommended to review each method and choose the one that suits your needs best.

Method 1: Global Change

The recommended approach is to modify the global ini file for the specific PHP version that requires this feature. You can make this adjustment using the "MultiPHP INI Editor" in WHM for each PHP version individually. Follow these steps to enable this globally:

Step 1: Go to Home -> Software -> MultiPHP INI Editor in WHM.

Step 2: Select the PHP version you want to edit from the drop-down menu.

Step 3: Set the "allow_url_fopen" setting to "Enabled".

Step 4: Click Apply to save the changes.

Method 2: suPHP

The suPHP handler allows PHP to run as the user associated with each account rather than the default "nobody" user used by Apache. This implementation provides the ability to specify a custom php.ini file for each account, granting users full access to their PHP settings and enabling changes to other system-only settings.

To change the setting under suPHP, follow these steps:

Obtain a complete copy of the system's php.ini file and place it in the document root folder for the desired domain. The system ini files are typically located at the following path, where XX represents the configured PHP version for that domain:

vi /opt/cpanel/ea-phpXX/root/etc/php.ini

Edit the .htaccess file for the domain and add the following directive near the top, adjusting the path to the domain's document root accordingly (e.g., public_html for the main domain on a cPanel account):

suPHP_ConfigPath /home/$user/public_html

Edit the local copy of the php.ini file you placed in the domain's document root. Set the allow_url_fopen setting to "On":

allow_url_fopen = On

Method 3: PHP-FPM

If you are utilizing PHP-FPM, you have another option to adjust the "allow_url_fopen" setting. PHP-FPM configuration files are considered system files, and PHP recognizes changes to this setting when defined there. Follow these steps to enable PHP-FPM for a domain:

Refer to the appropriate article on enabling PHP-FPM for a domain.

Once PHP-FPM is enabled, you can customize PHP-FPM and enable the "allow_url_fopen" setting:

Step 1: Go to Home -> Software -> MultiPHP INI Editor in WHM.

Step 2: Select User Domain Settings.

Step 3: Choose PHP-FPM Settings for the domain you wish to edit.

Step 4: Enable the option Treat URLs as files (allow_url_fopen).

How to Enable or Disable allow_url_fopen from cPanel?

Please note that the PHP Selector is not included by default in cPanel and may not be available if you are using a different web host. However, if you are an Accuwebhosting customer, you will have access to the Select PHP Version section in your Shared hosting account's cPanel.

Please be aware that direct modifications to the PHP.ini file are not permitted on our servers. However, you can still make PHP configuration changes through cPanel by following these steps:

Step 1: Log in to your cPanel account.

Step 2: Locate the Software section and click on "Select PHP version".

Step 3: Click on the "Options" link in the new window.

Step 4: You will find the "allow_url_fopen" option. Check the box next to it to enable or uncheck it to disable.

Step 5: After making any changes, click anywhere outside the dropdown or text input box on the left-hand side. If the changes are successful, a green box with a confirmation message will appear, indicating that the modifications have been applied.

Conclusion:

To enable or disable the "allow_url_fopen" feature, it must be adjusted in a system-level configuration file. This can be achieved through the system's php.ini file (using the MultiPHP INI Editor in WHM to apply changes to all accounts) or via a suPHP or PHP-FPM configuration file (for individual accounts). Modifying this setting in a non-system configuration file will not produce the desired change.


Was this answer helpful?

« Back

chat

/* */