Knowledge Base

How to enable and disable the PHP allow_url_fopen directive

This article describes how to enable and disable the allow_url_fopen directive in a custom php.ini file.

The information in this article only applies to certain types of hosting accounts. To determine whether or not the information below applies to your account, please see this article.

This article assumes that you have already set up a custom php.ini file on your web site. If you have not already set up a custom php.ini file, please read this article first.

Using the allow_url_fopen directive

The allow_url_fopen directive is disabled by default. You should be aware of the security implications of enabling the allow_url_fopen directive. PHP scripts that can access remote files are potentially vulnerable to arbitrary code injection.

When the allow_url_fopen directive is enabled, you can write scripts that open remote files as if they are local files. For example, you can use the file_get_contents function to retrieve the contents of a web page.

To enable this functionality, use a text editor to modify the allow_url_fopen directive in the php.ini file as follows:

allow_url_fopen = on

To disable this functionality, modify the allow_url_fopen directive in the php.ini file as follows :

allow_url_fopen = off
To verify the current value of the allow_url_fopen directive and other directives, you can use the phpinfo() function. For more information, please see this article.

More Information