How to Enable / Disable PHP allow_url_fopen on a Linux/cPanel Server
What is allow_url_fopen ?
allow_url_fopen is used to retrieve data from the remote server. On most of the shared servers this function will be disabled server wide for all domains. It is better to keep this disabled because it is a high security risk.
How to check whether allow_url_fopen is Enabled for your domain
You must create a phpinfo.php file under your domain to check whether allow_url_fopen is enabled or not. Open phpinfo.php file in browser http://yourdomain.com/phpinfo.php and search for “allow_url_fopen” to check whether it is On/Off.
Type the below command on the server to check whether allow_url_fopen is On or Off.
grep allow_url_fopen /usr/local/lib/php.ini
php.ini file location might be different on your server so change the above command accordingly.
How to Enable allow_url_fopen globally on a Linux/cPanel Server
1. Log into your Linux Server via SSH as ‘root’.
2. Type “php --ini” command to find the location of PHP configuration file.
Configuration File (php.ini) Path: /usr/local/lib
Loaded Configuration File: /usr/local/lib/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed: (none)
On the above server you can see that PHP configuration file is in location “/usr/local/lib/php.ini”
On Easyapache 3 servers the php.ini file will be in the above location. Location is different on Easyapache 4 servers.
3. Edit the php.ini file to enable allow_url_fopen.
You can edit the file php.ini using vi editor
allow_url_fopen = On
4. Change the line “allow_url_fopen = Off” to “allow_url_fopen = On”
5. Save the php.ini file after changing allow_url_fopen to On
6. Restart apache service after enabling allow_url_fopen
Command : service httpd restart
Now allow_url_fopen is enabled globally for all domains on your Server. allow_url_include = On
How to enable allow_url_fopen for a specific website
If your website is hosted on shared server allow_url_fopen might be disabled globally by your webhosting provider. You must create a custom php.ini file to enable it for your website.
1. Login to cPanel
2. Click on “File Manager” in cPanel
3. Create a php.ini file in the document root of your website
4. Enter “allow_url_fopen = On” in the above custom php.ini
allow_url_fopen = On
5. Save the php.ini file and exit.
6. Run the command “service httpd restart” to restart apache.
7. Create a phpinfo page under your website to check whether allow_url_fopen is enabled.
How to Disable allow_url_fopen on a Linux/cPanel Server
Websites might get hacked if allow_url_fopen is enabled on the server so most of the hosting companies disable it. Websites will be compromised if this directive is enabled globally on the server.
How to check whether allow_url_fopen is disabled globally
Type the below command to check whether “allow_url_fopen” is enabled on the server.
Command : php -i | grep allow_url_fopen
allow_url_fopen => On => On
allow_url_fopen is enabled on the above server. Edit the PHP main configuration file to disable allow_url_fopen
Type the below command to check the location of main PHP configuration file:
Command : php -i | grep php.ini
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini
Edit the PHP main configuration file /usr/local/lib/php.ini using vi editor and change “allow_url_fopen = On” to “allow_url_fopen = Off”. Save the changes and exit.
Users can still enable allow_url_fopen for their website by creating a custom php.ini file under their website.
Do the below steps if you want to prevent users from enabling allow_url_fopen by creating custom php.ini
Add allow_url_fopen to disable_functions
Edit PHP configuration file /usr/local/lib/php.ini using vi editor and change “disable_functions = allow_url_fopen, fopen”
Save the file and exit.
How to Enable/Disable allow_url_fopen on Easyapache 4 server
1. Log into server via SSH as ‘root’ user
2. Type “php --ini” command to find the PHP configuration file
Configuration File (php.ini) Path: /opt/cpanel/ea-php56/root/etc
Loaded Configuration File: /opt/cpanel/ea-php56/root/etc/php.ini
PHP configuration file on the above server is /opt/cpanel/ea-php56/root/etc/php.ini
3. Edit the above file and change “allow_url_fopen = Off” to “allow_url_fopen = On”
To Disable Change “allow_url_fopen = Off”
4. Restart the webserver
You can do the same steps from WHM
1. Log in to WHM
2. Search for “MultiPHP INI Editor” in WHM
3. Click on “MultiPHP INI Editor” under “Software”
WHM Home » Software » MultiPHP INI Editor
4. Click on “Basic Mode” in “MultiPHP INI Editor”
5. Select the PHP version from dropdown
6. Use toggle key to Enable/Disable
How to Enable/Disable allow_url_fopen on Easyapache 3 server
1. Log in to WHM
2. Search for “PHP Configuration Editor” in WHM Search bar
3. Click on “PHP Configuration Editor” under “Service Configuration”
Home » Service Configuration » PHP Configuration Editor
4. Select “Advanced mode” radio button
5. Select the radio button to turn allow_url_fopen On/Off