Skip to main content

Changing the "allow_url_fopen" Setting for PHP

Christine Nguyen
  • Updated

Overview

The πšŠπš•πš•πš˜πš _πšžπš›πš•_πšπš˜πš™πšŽπš— option for PHP is used to control whether or not you are allowing PHP to retrieve URL objects like files. This feature is often disabled for security reasons, but it may be required for some scripts to function properly. Users attempting to enable or disable this through the "MultiPHP INI Editor" in cPanel may notice that the change is not reflected in their scripts or PHP information pages. This article will help explain what you can do to adjust this setting.

 

PHP Setting Restrictions

First, it is important to note that PHP has some restrictions on where settings can be configured. Many settings can be set in any recognized configuration file, but some are restricted to system configuration files. The πšŠπš•πš•πš˜πš _πšžπš›πš•_πšπš˜πš™πšŽπš— setting is one such setting that can only be defined in a system configuration file. You can see this for yourself in the PHP Documentation here: 

PHP: Runtime Configuration
Since the user-defined ini files are not system files, this setting would be ignored when it is found there.

 

Enabling/Disabling πšŠπš•πš•πš˜πš _πšžπš›πš•_πšπš˜πš™πšŽπš—

So how could this setting be changed? Depending on how you run PHP on the server, a few different options are available. We recommend reviewing each option to see which would work best for you.

Method 1: Global Change

The typical way to adjust this would be through the global ini file for the version of PHP that needs this feature. This can be modified using the "MultiPHP INI Editor" in WHM for each version of PHP individually. This changes the setting for all accounts that use that version of PHP. To enable this globally:

  1. In WHM navigate to "Home / Software / MultiPHP INI Editor"
  2. From the drop-down, select the version of PHP you would like to edit
  3. Set the "allow_url_fopen" setting to "Enabled"
  4. Click "Apply" to save the changes

Method 2: suPHP

The suPHP handler is one implementation of PHP that allows PHP to run as each account’s user instead of the default β€œnobody” user used by Apache. One advantage of this implementation is that it allows you to specify a custom php.ini file for the account. This would give the user full access to their PHP settings and allow them to make additional changes to other system-only settings.

This is done using the β€œsuPHP_ConfigPath” override in the user’s .htaccess file and requires placing a full copy of the system's php.ini file in the directory you wish to change the setting in. Using an incomplete php.ini file would allow you to change the setting but could result in other PHP errors. The following steps need to be taken to change the setting under suPHP:

  1. Obtain a full copy of the system's php.ini file and place it in the document root folder for the domain you wish to change. The system ini files are stored in the following path, where XX is the version of PHP configured on that domain:
    /opt/cpanel/ea-phpXX/root/etc/php.ini
  2. Edit the .htaccess file for the domain, adding the following directive near the top, where the path to the domain's document root reflects the proper file system path. This will be public_html for the main domain on a cPanel account: 
    suPHP_ConfigPath /home/$user/public_html
  3. Edit the local copy of the php.ini file from the above. Change the allow_url_fopen setting to On:
    allow_url_fopen = On

Method 3: PHP-FPM

Finally, if you are using PHP-FPM, this opens up another option for adjusting this setting. The PHP-FPM configuration files count as a system file, and PHP would recognize changes to that setting when defined there. You can use the instructions in the following article to enable PHP-FPM for a domain:

How to enable PHP-FPM for a domain

Once enabled, you can customize PHP-FPM and enable the πšŠπš•πš•πš˜πš _πšžπš›πš•_πšπš˜πš™πšŽπš— setting with the following steps:

  1. In WHM navigate to "Home / Software / MultiPHP INI Editor"
  2. Select "User Domain Settings"
  3. Select "PHP-FPM Settings" on the domain you wish to edit
  4. Enable the option to "Treat URLs as files (allow_url_fopen)"

 

Summary

If you need to enable or disable this feature, it would need to be done in a system-level configuration file. This can be the system's php.ini file (through the MultiPHP INI Editor in WHM to cover all accounts) or through a suPHP or PHP-FPM configuration file (for individual accounts). Attempting to adjust this setting through a non-system configuration file would not result in a change.

Related articles