BIP KB:
URL File-Access Is Disabled Error After Upgrading To PHP 5.2

Article By petter


img

If you have recently upgraded to PHP 5.2.x or newer and are getting an error on your site saying URL file-access is disabled in the server configuration, you may be affected by a new PHP configuration change. As of PHP 5.2.0, a new configuration directive, allow_url_include, was introduced in an effort to enhance security in file inclusion. The introduction of this directive allows an admin to keep allow_url_fopen enabled for scripts that need it, but disable remote includes for include() and require() functions.

Note: We should take a moment to point out that enabling allow_url_fopen and allow_url_include are both strongly discouraged because of the potential for inclusion of remote URLs which can then execute arbitrary code. Furthermore, enabling protection via these two directives only prevents execution of arbitrary code from common URL handlers (e.g. http: and ftp:) and not other attack vectors. For ultimate security in this regard, consider using Suhosin as per this article on the developer's website. 

With the above in mind, if you still decide that you need to have URL file-access enabled for your includes, you will need to add the new directive to your php.ini since it is not already defined and defaults to disabled (0). On a blank line in your php.ini (/usr/local/lib/php.ini on cPanel servers), add the following:


allow_url_include = On
Restart your webserver and you're done.


Tags: , , , , ,

Spin Up A VPS Server In No Time Flat

Simple Setup

Full Root Access

Straightforward Pricing

DEPLOY A SECURE VPS SERVER TODAY!

Leave a Reply



Feedbacks


Creative Commons License
This work is licensed under a
Creative Commons Attribution-
NonCommercial-ShareAlike 4.0
International License.