How to Enable / Disable PHP allow_url_fopen on a Linux/cPanel Server

What is allow_url_fopen ?

 
allow_url_fopen is used to retrieve data from the remote server. On most of the shared servers this function will be disabled server wide for all domains. It is better to keep this disabled because it is a high security risk.
 

How to check whether allow_url_fopen is Enabled for your domain

You must create a phpinfo.php file under your domain to check whether allow_url_fopen is enabled or not. Open phpinfo.php file in browser http://yourdomain.com/phpinfo.php and search for “allow_url_fopen” to check whether it is On/Off.

Type the below command on the server to check whether allow_url_fopen is On or Off.

grep allow_url_fopen /usr/local/lib/php.ini

php.ini file location might be different on your server so change the above command accordingly.
 

How to Enable allow_url_fopen globally on a Linux/cPanel Server


 
1. Log into your Linux Server via SSH as ‘root’.

2. Type “php --ini” command to find the location of PHP configuration file.
 

root@server [~]# php --ini
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File: /usr/local/lib/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed: (none)

 
On the above server you can see that PHP configuration file is in location “/usr/local/lib/php.ini”

On Easyapache 3 servers the php.ini file will be in the above location. Location is different on Easyapache 4 servers.

3. Edit the php.ini file to enable allow_url_fopen.

You can edit the file php.ini using vi editor
 

root@server [~]# vi /usr/local/lib/php.ini
allow_url_fopen = On

 
4. Change the line “allow_url_fopen = Off” to “allow_url_fopen = On”

5. Save the php.ini file after changing allow_url_fopen to On

6. Restart apache service after enabling allow_url_fopen

Command : service httpd restart

Now allow_url_fopen is enabled globally for all domains on your Server. allow_url_include = On
 

How to enable allow_url_fopen for a specific website


 
If your website is hosted on shared server allow_url_fopen might be disabled globally by your webhosting provider. You must create a custom php.ini file to enable it for your website.

1. Login to cPanel

2. Click on “File Manager” in cPanel

3. Create a php.ini file in the document root of your website

/home/user/public_html/php.ini

4. Enter “allow_url_fopen = On” in the above custom php.ini

vi /home/user/public_html/php.ini
allow_url_fopen = On

5. Save the php.ini file and exit.

6. Run the command “service httpd restart” to restart apache.

7. Create a phpinfo page under your website to check whether allow_url_fopen is enabled.

http://www.yoursite.com/phpinfo.php
 

How to Disable allow_url_fopen on a Linux/cPanel Server


 
Websites might get hacked if allow_url_fopen is enabled on the server so most of the hosting companies disable it. Websites will be compromised if this directive is enabled globally on the server.
 

How to check whether allow_url_fopen is disabled globally

Type the below command to check whether “allow_url_fopen” is enabled on the server.

Command : php -i | grep allow_url_fopen
 

root@server [~]# php -i | grep allow_url_fopen
allow_url_fopen => On => On

 
allow_url_fopen is enabled on the above server. Edit the PHP main configuration file to disable allow_url_fopen

Type the below command to check the location of main PHP configuration file:

Command : php -i | grep php.ini
 

root@server [~]# php -i | grep php.ini
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini

 
Edit the PHP main configuration file /usr/local/lib/php.ini using vi editor and change “allow_url_fopen = On” to “allow_url_fopen = Off”. Save the changes and exit.
 
Users can still enable allow_url_fopen for their website by creating a custom php.ini file under their website.

Do the below steps if you want to prevent users from enabling allow_url_fopen by creating custom php.ini

Add allow_url_fopen to disable_functions

Edit PHP configuration file /usr/local/lib/php.ini using vi editor and change “disable_functions = allow_url_fopen, fopen”

Save the file and exit.
 

How to Enable/Disable allow_url_fopen on Easyapache 4 server


 
1. Log into server via SSH as ‘root’ user

2. Type “php --ini” command to find the PHP configuration file
 

[root@server ~]# php –ini
Configuration File (php.ini) Path: /opt/cpanel/ea-php56/root/etc
Loaded Configuration File: /opt/cpanel/ea-php56/root/etc/php.ini

 
PHP configuration file on the above server is /opt/cpanel/ea-php56/root/etc/php.ini

3. Edit the above file and change “allow_url_fopen = Off” to “allow_url_fopen = On”

To Disable Change “allow_url_fopen = Off”

4. Restart the webserver

You can do the same steps from WHM

1. Log in to WHM

2. Search for “MultiPHP INI Editor” in WHM

3. Click on “MultiPHP INI Editor” under “Software”

WHM Home » Software » MultiPHP INI Editor

4. Click on “Basic Mode” in “MultiPHP INI Editor”
 
Easyapache 4 allow_url_fopen
 
5. Select the PHP version from dropdown

6. Use toggle key to Enable/Disable
 

How to Enable/Disable allow_url_fopen on Easyapache 3 server


 
1. Log in to WHM

2. Search for “PHP Configuration Editor” in WHM Search bar

3. Click on “PHP Configuration Editor” under “Service Configuration”

Home » Service Configuration » PHP Configuration Editor

4. Select “Advanced mode” radio button
 
Easyapache 3 allow_url_fopen
 
5. Select the radio button to turn allow_url_fopen On/Off
 
allow_url_fopen enable
 

Comments

  • Siddharth kumar
    July 8, 2018 at 4:09 am

    Very Usefull article.