allow_url_fopen set to Off ?

postcd · Nov 25, 2014

Hello, PHPSecInfo script told be i should turn off "allow_url_fopen", is it safe to do it on WHM server which hosting Wordpress and Joomla?

i found this in phpini:

Code:

cat /usr/local/lib/php.ini | grep allow_url_fopen
disable_functions = "show_source, system, shell_exec, passthru, popen, proc_open, proc_close, allow_url_fopen, symlink, dl"
allow_url_fopen = On

the "allow_url_fopen = On" overrides "disable_functions" ?

thx

24x7ss · Nov 25, 2014

It good idea to keep allow_url_fopen disabled. As you are hosting wordpress/Joomla sites then you can use curl function as an alternative of allow_url_fopen.

cPanelMichael · Nov 26, 2014

Hello

I have moved this thread to our "Security" forum. You can find several discussions of this option in previous threads if you search for "allow_url_fopen".

Thank you.

abdelhost77 · Nov 26, 2014

You may use Curl instead of allow_url_fopen which better stays to "OFF"

function file_get_contents_curld($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}

Thread starter	Similar threads	Forum	Replies	Date
F	High CPU from queueprocd - process - block_brute_force & /usr/sbin/nft --json list ruleset	Security	3	Apr 9, 2023
R	Can I Set a Cookie with Directory Privacy?	Security	2	Sep 26, 2022
	SOLVED kex_exchange_identification: read: Connection reset by peer	Security	3	Aug 6, 2022
B	allow_url_fopen locally server 500	Security	1	Dec 9, 2019
C	allow_url_fopen: Google Maps API - Bad coding or Difficult host?	Security	1	Apr 8, 2017

Search

Search

allow_url_fopen set to Off ?

postcd

Well-Known Member

24x7ss

Well-Known Member

cPanelMichael

Administrator

abdelhost77

Well-Known Member