07941 016502

SME Server: URL file-access is disabled in the server configuration

URL file-access is disabled in the server configuration

SME Server won't allow a PHP script to open a file that has been specified with a URL such as:

file_get_contents('http://www.example.com/rss.xml');

This will generate the error:

Warning: file_get_contents(): URL file-access is disabled in the server configuration in /home/e-smith/files/ibays/Primary/html/read-external-file.php on line 666

Warning: file_get_contents(http://www.example.com/rss.xml): failed to open stream: no suitable wrapper could be found in /home/e-smith/files/ibays/Primary/html/read-external-file.php on line 666

How to Fix

PHP must be told that it's okay to read files specified with URLs by setting the allow_url_open configuration in php.ini to On. It is not possible to add this setting directly into the php.ini file with SME Server. For SME Server, log on to the server and give the instructions that follow.

Log on using shell (putty, etc.) with the root username and password.

login as: root

root@server's password: password

Issue the commands to change the allow_url_open configuration setting to On.

[root@server ~] db configuration setprop php AllowUrlFopen On

[root@server ~] expand-template /etc/php.ini

[root@server ~] /etc/init.d/httpd-e-smith restart

SME Server uses a template system that automatically generates php.ini using information found in the appropriate template. Any direct modifications to php.ini are overwritten when the server restarts. The 3 commands above tell SME Server that we want to set AllowUrlFopen to On, and then instructs SME Server to rebuild php.ini from the template (which incorporates any modified configurations). To have the new php.ini file take effect the web server daemon (background process), httpd-e-smith, must be restarted (or the server can be rebooted).

Related Commands

To check which php configuration settings have been modified from the SME Server default, use this command:

[root@server ~] db configuration show php

To delete a configuration listed with the show command, use the delprop command as follows (substituting AllowUrlFopen for the configuration setting being deleted):

[root@server ~] db configuration delprop php AllowUrlFopen

[root@server ~] expand-template /etc/php.ini

[root@server ~] /etc/init.d/httpd-e-smith restart

Warning

Note: AllowUrlFopen is disabled by default on SME Server to reduce the possibility of external users exploiting php scripts on your server. Setting AllowURLFopen to On can open the server to attack if a malicious user can figure out how to get scripts on your server to read php files on the attacker's server. When AllowUrlFopen is Off, even if an attacker figures out how to make your script include a file on his server, PHP will refuse to open the remote file.

this worked for sme server: SME Server 7.4

More from EasyNoodle

SEN Mouse

EasyNoodle SEN Switch Mouse - Time saver for use with Special Needs Software.

 

Web Development

Need a website - look no further without speaking to us.

 

IT Support

We'll take care of all your IT support and software development needs.

 

Other Items of Interest