cPanelResources

Tutorial Changing the "allow_url_fopen" Setting for PHP

Overview

The “allow_url_fopen” option controls whether PHP is allowed to open URL objects as if they were files. This feature is often disabled for security reasons, but it may be required for some scripts to function properly. Users attempting to enable or disable this through the MultiPHP INI Editor in cPanel may notice that the change is not reflected in their scripts or PHP information pages. This article explains why this is the case and what you can do to adjust this setting.

PHP Setting Restrictions

First, it is important to note that PHP has some restrictions on where settings can be configured. Many settings can be set in any recognized configuration file, but some are restricted to system configuration files. The “allow_url_fopen” setting is one such setting that can only be defined in a system configuration file. You can see this for yourself in the PHP Documentation here: https://www.php.net/manual/en/filesystem.configuration.php

Since the user-defined ini files are not system files, this setting would be ignored when it is found there.
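
To confirm which value a site is actually running with, and that PHP treats the setting as system-only, a check like the following can be placed in the site's document root. This is an added example, not part of the original tutorial; the function names and report labels are assumptions, while the PHP calls it uses are standard built-ins.

```php
<?php
// Added example: report the effective allow_url_fopen state for the handler
// that serves this file. Request it through the web server, because the CLI
// and the web handler can load different configuration files.

function describe_access(int $access): string
{
    // "access" is a bitmask of INI_USER (1), INI_PERDIR (2) and INI_SYSTEM (4).
    $levels = [INI_ALL => 'INI_ALL', INI_SYSTEM => 'INI_SYSTEM',
               INI_PERDIR => 'INI_PERDIR', INI_USER => 'INI_USER'];
    return $levels[$access] ?? "mask $access";
}

function allow_url_fopen_report(): array
{
    $name  = 'allow_url_fopen';
    $entry = ini_get_all(null, true)[$name];   // global_value, local_value, access

    // Try the change a script or user-level ini file would ask for. For a
    // system-only setting ini_set() returns false and nothing changes.
    $before  = ini_get($name);
    $enabled = filter_var($before, FILTER_VALIDATE_BOOLEAN);
    $result  = @ini_set($name, $enabled ? '0' : '1');
    if ($result !== false) {
        ini_set($name, (string) $before);      // unexpected: put it back
    }

    $scanned = str_replace("\n", ' ', trim((string) php_ini_scanned_files()));
    return [
        'SAPI'                 => php_sapi_name(),
        'Loaded php.ini'       => php_ini_loaded_file() ?: '(none)',
        'Additional ini files' => $scanned ?: '(none)',
        'Effective value'      => $enabled ? 'On' : 'Off',
        'Master value'         => $entry['global_value'],
        'Changeable at'        => describe_access((int) $entry['access']),
        'Runtime ini_set()'    => $result === false ? 'refused' : 'accepted',
    ];
}

header('Content-Type: text/plain');
foreach (allow_url_fopen_report() as $label => $value) {
    printf("%-22s %s\n", $label . ':', $value);
}
```

Remove the file after checking, since its output reveals configuration file paths.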

Enabling/Disabling allow_url_fopen

So how could this setting be changed? There are a few different options available depending on how you are running PHP on the server. I would recommend reviewing each option to see which one would work best for you.

1) Global Change

The typical way to adjust this would be through the global ini file for the version of PHP that needs this feature. This can be modified using the MultiPHP INI Editor in WHM for each version of PHP individually. Please note that this would change that setting for all accounts that were using that version of PHP. If you have several sites that need this and others where it should be disabled, you could enable this for a specific version of PHP. Any accounts that needed this setting enabled could then use that specific version of PHP for their sites.

2) suPHP

The suPHP handler is one implementation of PHP that allows PHP to run as each account’s user instead of the default “nobody” user used by Apache. One advantage of this implementation is that it allows you to specify a custom php.ini file for the account. This is done using the “suPHP_ConfigPath” override in the user’s .htaccess file. This .htaccess directive would look something like the following:

Code:
suPHP_ConfigPath /home/USERNAME/
This would require placing a copy of the full system php.ini file in the directory you define. Once both the php.ini file and .htaccess directive are in place, this file should start to override the system php.ini file in use by that user. You can then adjust the "allow_url_fopen" setting in that configuration file. Note, however, that this gives the user full access to their PHP settings, and it would allow them to make additional changes to other system-only settings. You can find information about this as well as steps for obtaining a full php.ini file for the account in the following documentation link: https://documentation.cpanel.net/display/EA4/The+cPanel+PHPRC+PHP+Patch+for+EasyApache+4#ThecPanelPHPRCPHPPatchforEasyApache4-suphpSuPHP
Using an incomplete php.ini file would allow you to change the setting, but could result in other PHP errors.

3) PHP-FPM

Finally, if you are using PHP-FPM, this opens up another option for adjusting this setting. The PHP-FPM configuration files count as system files, and PHP would recognize changes to that setting when defined there. Accounts can be switched to PHP-FPM through the MultiPHP Manager in WHM, and you can read about customizing the PHP-FPM settings in our documentation at the following links:
https://documentation.cpanel.net/display/ALD/PHP-FPM
https://documentation.cpanel.net/display/ALD/PHP-FPM+Code+and+FileSystem+Layout+for+EasyApache+4
https://documentation.cpanel.net/display/ALD/Configuration+Values+of+PHP-FPM

These settings can be defined for all PHP-FPM users (by setting it through the "System PHP-FPM Configuration" tab) or individual accounts (through the "Edit PHP-FPM" link next to the account). The "allow_url_fopen" setting is labeled as "Treat URLs as files (allow_url_fopen)" in the PHP-FPM settings in WHM.

Summary

If you need to enable or disable this feature, it would need to be done in a system-level configuration file. This can be the system's php.ini file (through the MultiPHP INI Editor in WHM to cover all accounts) or through a suPHP or PHP-FPM configuration file (for individual accounts). Attempting to adjust this setting through a non-system configuration file would not result in a change.

Author
cPanelResources