The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

allow_url_fopen set to Off ?

Discussion in 'Security' started by postcd, Nov 25, 2014.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    621
    Likes Received:
    6
    Trophy Points:
    18
    Hello, PHPSecInfo script told be i should turn off "allow_url_fopen", is it safe to do it on WHM server which hosting Wordpress and Joomla?

    i found this in phpini:
    Code:
    cat /usr/local/lib/php.ini | grep allow_url_fopen
    disable_functions = "show_source, system, shell_exec, passthru, popen, proc_open, proc_close, allow_url_fopen, symlink, dl"
    allow_url_fopen = On
    the "allow_url_fopen = On" overrides "disable_functions" ?

    thx
     
  2. 24x7ss

    24x7ss Well-Known Member

    Joined:
    Sep 30, 2014
    Messages:
    271
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    It good idea to keep allow_url_fopen disabled. As you are hosting wordpress/Joomla sites then you can use curl function as an alternative of allow_url_fopen.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,764
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I have moved this thread to our "Security" forum. You can find several discussions of this option in previous threads if you search for "allow_url_fopen".

    Thank you.
     
  4. abdelhost77

    abdelhost77 Well-Known Member

    Joined:
    Apr 25, 2012
    Messages:
    81
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    You may use Curl instead of allow_url_fopen which better stays to "OFF"


    function file_get_contents_curld($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
    }
     
Loading...

Share This Page