URL file-access is disabled in the server configuration

I've recently upgraded Apache and PHP on my VPS, and one of the unpleasant surprises was that some scripts which tried including pages from remote sites (I know, not the most secure approach, but there were reasons for that) got broken.


Traditionally, all the websites Google finds suggest that you double-check that your php.ini config has the allow_url_fopen enabled:

allow_url_fopen = On

Well, in my case it was enabled, but scripts were still broken. The really weird thing was that the upgrade procedure didn't include changing the php.ini in any way, so it was fully working before and I kind of expected it to continue working.


After some quick research, I've found out that PHP 5.1 introduced a new security option to accompany the allow_url_fope, and this was exactly the option which broke my scripts:

allow_url_include = On

There you have it, hope it helps you next time you come across this problem!

  • Nate Smith

    Thanks – that actually did fix my problem – just wanted to you know that at least one person was helped…

  • Gleb Reys

    Great to hear that, Nate! Thanks for stopping by!

  • I change code in the php.ini from allow_url_fopen = On to allow_url_include = On, but still it did not work for me.

  • Tim

    This saved my bacon, thank you! And I learned something which is even better.

  • Hiram

    fantastic. Thank you. You just ended a very late night for me trying to solve a problem with why my new server refused to import ads via a script I had written.

    Thank you