SME Server: URL file-access is disabled in the server configuration
URL file-access is disabled in the server configuration
SME Server won't allow a PHP script to open a file that has been specified with a URL such as:
file_get_contents('http://www.example.com/rss.xml');
This will generate the error:
Warning: file_get_contents(): URL file-access is disabled in the server configuration in /home/e-smith/files/ibays/Primary/html/read-external-file.php on line 666
Warning: file_get_contents(http://www.example.com/rss.xml): failed to open stream: no suitable wrapper could be found in /home/e-smith/files/ibays/Primary/html/read-external-file.php on line 666
How to Fix
PHP must be told that it's okay to read files specified with URLs by setting the allow_url_open configuration in php.ini to On. It is not possible to add this setting directly into the php.ini file with SME Server. For SME Server, log on to the server and give the instructions that follow.
Log on using shell (putty, etc.) with the root username and password.
login as: root
root@server's password: password
Issue the commands to change the allow_url_open configuration setting to On.
[root@server ~] db configuration setprop php AllowUrlFopen On
[root@server ~] expand-template /etc/php.ini
[root@server ~] /etc/init.d/httpd-e-smith restart
SME Server uses a template system that automatically generates php.ini using information found in the appropriate template. Any direct modifications to php.ini are overwritten when the server restarts. The 3 commands above tell SME Server that we want to set AllowUrlFopen to On, and then instructs SME Server to rebuild php.ini from the template (which incorporates any modified configurations). To have the new php.ini file take effect the web server daemon (background process), httpd-e-smith, must be restarted (or the server can be rebooted).
Related Commands
To check which php configuration settings have been modified from the SME Server default, use this command:
[root@server ~] db configuration show php
To delete a configuration listed with the show command, use the delprop command as follows (substituting AllowUrlFopen for the configuration setting being deleted):
[root@server ~] db configuration delprop php AllowUrlFopen
[root@server ~] expand-template /etc/php.ini
[root@server ~] /etc/init.d/httpd-e-smith restart
Warning
Note: AllowUrlFopen is disabled by default on SME Server to reduce the possibility of external users exploiting php scripts on your server. Setting AllowURLFopen to On can open the server to attack if a malicious user can figure out how to get scripts on your server to read php files on the attacker's server. When AllowUrlFopen is Off, even if an attacker figures out how to make your script include a file on his server, PHP will refuse to open the remote file.
this worked for sme server: SME Server 7.4