PHP include URL issue

**brhospedagens** · 06-06-2008, 06:31 PM

For those who just got themselves a brand new server with CPanel, in my case with CentOS 5.0 OS.

The easyapache compilation does not put:

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = On
allow_url_include = On

inside php.ini, it is a security matter for sure but those ppl who still got includes like url inside their customers scripts, edit /usr/local/lib/php.ini and add the line above

Hope this helps someone

Regards

**romulob** · 06-06-2008, 11:33 PM

If you don't have mod_security with good rules, your server will run a lot of malicious perl scripts soon. Enabling allow_url_fopen and allow_url_include will open security holes.

Good luck.

**brhospedagens** · 06-09-2008, 07:19 AM

Originally Posted by romulob

If you don't have mod_security with good rules, your server will run a lot of malicious perl scripts soon. Enabling allow_url_fopen and allow_url_include will open security holes.

Good luck.

"inside php.ini, it is a security matter for sure but"

Forums

Thread: PHP include URL issue

LinkBack

Thread Tools

PHP include URL issue

Similar Threads

PHP or include

php4 and Zend - issue with include()

php include() problems

php include broken?

SECURITY ISSUE: phpCoin Remote File Include Vuln

Tags for this Thread

cPanel & WHM

Enkompass

Help

Community

Company

Connect with Us