Enabling and disabling the PHP allow_url_fopen directive

This article describes how to enable and disable the allow_url_fopen directive in a custom php.ini file.

🚧

Important

The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article.

📘

Note

This article assumes that you have already set up a custom php.ini file on your web site. If you have not already set up a custom php.ini file, please read this article first.

Using the allow_url_fopen directive

❗️

Warning

The allow_url_fopen directive is disabled by default. You should be aware of the security implications of enabling the allow_url_fopen directive. PHP scripts that can access remote files are potentially vulnerable to arbitrary code injection.

When the allow_url_fopen directive is enabled, you can write scripts that open remote files as if they are local files. For example, you can use the file_get_contents function to retrieve the contents of a web page.

To enable this functionality, use a text editor to modify the allow_url_fopen directive in the php.ini file as follows:

allow_url_fopen = on

To disable this functionality, modify the allow_url_fopen directive in the php.ini file as follows:

allow_url_fopen = off

👍

Tip

To verify the current value of the allow_url_fopen directive and other directives, you can use the phpinfo() function. For more information, please see this article.

More Information

• To view a complete list of php.ini directives, please visit http://www.php.net/manual/en/ini.list.php.

• For more information about the allow_url_fopen directive, please visit http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen.

• For more information about the file_get_contents function, please visit http://www.php.net/file_get_contents.

Related Articles

• Custom php.ini files

• Using php.ini directives