allow_url_fopen limitation Print

  • 55

Remote file inclusion attacks occur when an attacker pulls files from a remote location on to your server. When you use remote includes, an attacker can write a PHP script and host it on a server, and then use a remote inclusion method to take advantage of inclusion vulnerabilities on your server. With an insecure PHP configuration, attackers can execute the malicious data from their servers, even without read or write permissions on your server. To prevent remote file inclusion attacks, we set the allow_url_fopen and allow_url_include directives to Off in php settings.

Its allowed on our Managed Hosting plan if requested.


Was this answer helpful?

« Back